Merge pull request #16 from chef-customers/nd/push-jobs

Initial efforts at bringing in push jobs

.travis.yml

@@ -0,0 +1,23 @@
+addons:
+  apt:
+    packages:
+    - awscli
+install: true
+script:
+- aws cloudformation validate-template --template-body file://backendless_chef.yaml
+deploy:
+  provider: s3
+  access_key_id:
+    secure: oNPkZAaz4bJaXDZxYq/PrudDy7VGMok9pPpfO3B7au68ieOlFKZQr5e93hoH4/ekDspL7ZlquudLyh4pVvv3a6wvRLp7bOmyvfVBPWdzvMhuFGcUaKgft+YU5/xlVamR8tK9ntVOWY1wmJg3NJ1D+1MbxIG980uu4bKfm8BhbZhCDbTl5vH41YlF1c4YCWaFxVFHE5prDDIWIUR8iiTcQKbzVSmIPJOFzx/ym1FK3ipLcNE5aKuB0lWEGF87CWvAQAwMtqhJpxIG9HLjkAjZ/e9TGRkTpndQD3M0zT4XDgQIHUsEl/inVeMC0lIrndFabv9MOLsz7tGv9fNpugtOT/sSa2kYVAFWHYEes+Lk+6ilnpxhf+VsVY0Y59igAlsP0BJexy0Qo9LkxUe79vmlEWFVp0wnc0DC3EQdxlYugXjUqSRRQx3zOs6zSygUOvGnwJmrXlm0f+FkpKfr3jKPjlcuWNL+hKWVpQtBwAYmBLsVE5pi+454MDwhQs498og921qE0ujBV1/snVUu3KCUjsxWyRYYd1Q6QPhBh1ch3lApFelAjuFlXDnUCukwYmQjdZpmky2aLqngHsGyWN9WyCPVic6nAgR9lZpblr+yEEoqZKGwyq2owBl7U2mhmyOnZ+hxCBrunuTPhVenKSZCQ21rt2Yt0pgp71ICSU3AP4g=
+  secret_access_key:
+    secure: PWviiizhR1S7RcrCpWke2kw8hWjUbF63jtvE7G0JnwO8l1+D30LqYml2jyhcpZFzQlh3WludBajrb9XDaEzyhGNLa06FcwxilHIHbtOIRfsKT9i5YKq6kHwVI/7Vvewigd0joWoihcmK5QQSBtE1P/yOq6+qBPz6DOIhfImQHIYloaTd0fbeRw552pSviol/JmuJFMrUNDUzhwBqZ4Sz1UgY5z0y3sKTNKPY4HoEObb+vX+vdynd89WqwNP32NjmE2vPlalMFtcbrk+gXrc+arurv9XYyJ3sIHxRPdrVBnIc1ZcscOq1UVasbvcU+IPwssXM/xxKvfPhtlZCeg+TGxlqCrFKPVlf0k4ESqVNQX6DsR+8PmaAbHESfW3lLRQmuWCn0ZvmyaHfOWZWoq0FtJByvnarAaC672x3ZbNyyBzfhndv4qbb+struFjOCacjGa2JfCCeflu8FsqoRVm89hDoU5DQ+cQ58kDzA7g/Zb1cvxD7k3K/Wxdlre2B5EPhKxtbfZfdXB6JXdgZbI+oIDrCO9X9gGbKo4CsHQgZVSQ7JR4do9P4BRIvA2bxUUcMUxJ4h+ZSNYs8/eUFks6EYUqGRyIZ6UP3g8/tdmhGNjgW03lnB9HqX17rc1HLV1p1hy2KPL4t7FB/ydC4cd/Ct5jpn3x4TwOEm5GJ370XUCM=
+  bucket: aws-native-chef-server
+  acl: public_read
+  on:
+    branch: master
+env:
+  global:
+  - secure: vHqHE/Du2MHf8xGHtB21wZOf2sNpFxelx+eCIdffAq7EpwhmY6de60Q5Ywk6ODx4yke21tcrWfLJNH8EWEeemvd8Neq6GRvj+5ezNoE16gucFJDcQ9blIHZGiPOVuMPZILrbGfFG3Hnkxu4jBK/8gATr5Sq0eBuFMmPFexZo6QKynayAzMiYdsnkaMOfhH0wPXXZLQOpN+GO4UmG7gjPs8cTCZUHj0OzWkU6/0AtEe7hLm5KFfeVVh4QWoipOEXRX+9Wmijtr29H1tomEuFin5VZpToZnE+3iHW1VhMtbsSmOdswX4JnjUa0upG8uOzvYmioNrq8Ae4wYdX3/nNBkpKNfPAOFqdS5b4tVEeeDCGKT/bLV+1g0FxK1svFst2H/IT8GGnsoeGKoGOUmSYEVC6nRe0+74wZs5vi2VmqcwffgQdB0PJFlgnFKxe7r52mT6biLRWbtb4nP4Sr+mBIwIZB4sKuIa1vtdgj5APGEpSAa0DW1lp6oBxhyWPXg7/Fmy4H5mZXS7gZXQoHX9/cPeHd3cdd9bNtmcK+HOMIwrmP6mxGIbUPUXlOrgCE3ugiPsVC8uRlCobjYJbrbOHuQToh/TdZN9oAbJqwjiR5mCJuaHc34/ZleNDLPpdJTyYs9ARBft1c/wWqx9BnexoLuzeTAuVs1hb8yYzjHtHpEsE=
+  - secure: Mxngxb+f+edoK42od1M1ojTbOr/Ha3fyEkjYzvX1gF7P0P2imm4utiBciJdJq1AnxXLKPYwoSMYMNvkXCpWdcOrz9JF4Hux+aJ1f7wzssaMgVAdfi8ZM438HXTz7LgkdkZ/d/FX+CgWszx37aHd9AfzH/x9/wQDEuAf+PvSPjGVW86V8jYZ74ZYgyJVnXdkOXwdKOT4TqWp/C7XQvzOJdm8soEFllEh5tuyCDj5SqGfjCj6XzEXQIVAoBujSiIVs6N1cSY3qayy63ReinBk29BcdhThSpBr1OefBcJ33GTk02R0mlqUeVncZ1PWRdNmizf5qPB9+dDbAhEoZzrk6fcE+lNLWvIKV/jhEnumQGmLWwEpZGm20K2AVqDGcsyKdvOzP4J43xpkHHvMMBOP5wqjbJ3UhPA4xlu6BVpQgSYF12YBkjMTKecqhzcPkmbFatuN9kNpGxKyEGL12KzkbrXVVJ2WCank1C7XYvPPFi14GgVb7dyB3GOGP5mvfCQw6tnYfkGdvQKoXzkBK7i/5LuLl3R9wmBUsCc+pflHEdLEPJ6BeWE3WmjEPsZTYayaEW8YXjU0AIHGfvXVB7U4GuUVaqIOltSdt2j5C730ak4OwriwHKsbI1TTkHETcwvPkyk3FYmUW4HoxOndLcXtcDIqp1PwECe7doeTbTcBelho=
+  - secure: tU3ZGSVTVRBarT1ZOH3y/fu/fGKaphN/48ICQbfT6LVCZ0g+6vNp0QUaukiJaDeoyQvyJOX1iXyTYtxMZy3++PTJJ/JU2nvrFEaE0Y9l3LdnMC+v2cZtDWOAROUqBgWIQL9bDH5YIR6Iqb6DtLdp70qHvfUQhHjte/n8ej1n6Kr8avaUU/jfGU6GesjXIRitz2dKh62IJrMNG0GThhAMjH50BNg5uXVgSsUXBrDUZcc7KHlSHI1hvf3pt35/irMgflVM4yDhJwKpKXY/szxcGkn1na4MhaJGLZPupmkYpoHjdRjBvBI9he5wbFucm/coSyRo6GLqE0APi4AICNQS/gCIjDeEG0vgIh3YrERVdIfJFp3La85pbPUmwA9c4zIbyVBRtUUKDpjdhJYoS9Mj4+mLSBvAI0TxG/CNU8Hbg7VMHLIW05SvPFAk7GMF8MsM9jQHjl3KztRupyw3v3x6qPb9qezJYzBVJxZ1GeHSWG3roAmqKnoN39EUMtcQglh/2fS1HeDfU6O+gN8ZxK+g0jILTxyAgj++3x0pZ45B+OSTh7fuReT6uAZYZHjF1Vg1PFK5Ek7gjmksOO3QH+G62u9j+7iPlFWkYAfj0/gHUsN+roe5o7FvjJmVhhIb5x35aX0IONNg6eWr7shAA9aLCcR/26aY+ouL0juTwYb564U=
+  - secure: Tad2u9nKOcE5LGe/ruLbJP9FuGWZiEIPKEYp7di+AV/EnYUrPN3i2BP2uv/atC0Uwwj5HbEWnNqdOZqJCMafPacetVvNGtYXxati9PeWbg9eGtm6GOGnJQ3GmBgC0vxAt8MmjAOu7o4tK8X3FCiaDiiJtsIf+tohUADKfMV+28NHyd1RXls2tW+BybtNOodUiydZDLIAxTiqePUlHcQdgW65HRseHOpSUnKbzyrsOrBqnWtIm6/kXNVJwxVxTHAsNNMRSVldiI+JZtlsQPByxI7e/ielzxOU+He3AvNmzbvmX9cWIfbixSEgvFO+hUCQdz1lFEjuSPMZI+hGxAu76ks7hVu9WBaThE+rgWZcT4SPIWTFI4OWrodEZI56q/GI4aOA4S+3AZRyd2R1rS9IGAgNPCLu95SyCpn+Pl4yOVnGuKTMs8O2CodjVIzG0iQC3IJA+9hqho4yrYMnn17O4itvUnTx2YXdybs3AKRdp7ivKeAXK3iQL9HOsI+itTgy616scW7+Tefj3a53cHpNkUX2jLWm4Z1C/fbAhFOPGu5FNRjagHFDO04WoMxMWQWRpi7j4j1tBVEuUYzliKFEZwYZrR01fH9Bq6ybuOpKN8wBfrEORf45BaZYI4+8WXdXdtEV8ors4EDfO3wm+w4YRxSKr/+Nst54P6ooJmgGT+E=

backendless_chef.yaml

@@ -1,15 +1,19 @@
 AWSTemplateFormatVersion: '2010-09-09'
-Description: AWS Native Chef Server v2.3
+Description: AWS Native Chef Server v2.4.0
 
 Parameters:
   ChefServerPackage:
     Description: The URL to the chef server EL7 (chef-server-core) package which will be downloaded
     Type: String
-    Default: 'https://packages.chef.io/files/stable/chef-server/12.15.8/el/7/chef-server-core-12.15.8-1.el7.x86_64.rpm'
+    Default: 'https://packages.chef.io/files/stable/chef-server/12.16.9/el/7/chef-server-core-12.16.9-1.el7.x86_64.rpm'
   ChefManagePackage:
     Description: The URL to the chef-manage EL7 package which will be downloaded
     Type: String
     Default: 'https://packages.chef.io/files/stable/chef-manage/2.5.4/el/7/chef-manage-2.5.4-1.el7.x86_64.rpm'
+  PushJobsPackage:
+    Description: The URL to the push jobs server package which will be downloaded
+    Type: String
+    Default: 'https://packages.chef.io/files/current/opscode-push-jobs-server/2.2.5/el/7/opscode-push-jobs-server-2.2.5-1.el7.x86_64.rpm'
   FilesLocation:
     Description: The base URL for script and config files needed by this template (include a trailing /)
     Type: String
@@ -70,6 +74,13 @@ Parameters:
     Description: Provide a DB Subnet Group ARN (or leave blank to have one created for you)
     Default: ''
     Type: String
+  ElasticSearchVersion:
+    Description: Version of ElasticSearch to use. Chef 12.16 supports v2.3 or 5.3. (5.3 recommended for new installs)
+    Type: String
+    Default: '2.3'
+    AllowedValues:
+    - '2.3'
+    - '5.3'
   ElasticSearchShardCount:
     Description: Number of ElasticSearch hosts to provision at launch (3 recommended)
     Default: 3
@@ -133,13 +144,13 @@ Conditions:
 Mappings:
   AWSRegion2AMI:
     us-east-1:
-      AMI: ami-a4c7edb2
+      AMI: ami-4fffc834
     us-east-2:
-      AMI: ami-8a7859ef
-    us-west-2:
-      AMI: ami-6df1e514
+      AMI: ami-ea87a78f
     us-west-1:
-      AMI: ami-327f5352
+      AMI: ami-3a674d5a
+    us-west-2:
+      AMI: ami-aa5ebdd2
 
 Resources:
 #########################################################################################
@@ -156,6 +167,9 @@ Resources:
       LaunchConfigurationName: !Ref ServerLaunchConfig
       TargetGroupARNs:
       - !Ref ChefTargetGroup
+      - !Ref ChefBootstrapTargetGroup
+      LoadBalancerNames:
+      - !Ref ChefPJELB
       MaxSize: '1'
       MinSize: '1'
       Tags:
@@ -305,6 +319,10 @@ Resources:
         IpProtocol: tcp
         SourceSecurityGroupId: !Ref SSHSecurityGroup
         ToPort: '22'
+      - FromPort: '10000'
+        IpProtocol: tcp
+        SourceSecurityGroupId: !Ref LoadBalancerSecurityGroup
+        ToPort: '10003'
       Tags:
       - Key: Name
         Value: !Sub ${AWS::StackName}-FE-SG
@@ -327,12 +345,41 @@ Resources:
         FromPort: '443'
         IpProtocol: tcp
         ToPort: '443'
+      - FromPort: '10000'
+        IpProtocol: tcp
+        CidrIp: 0.0.0.0/0
+        ToPort: '10003'
       Tags:
       - Key: Name
         Value: !Sub ${AWS::StackName}-ELB-SG
       VpcId: !Ref VPC
     Type: AWS::EC2::SecurityGroup
 
+  ChefPJELB:
+    Type: "AWS::ElasticLoadBalancing::LoadBalancer"
+    Properties:
+      SecurityGroups:
+        - !Ref LoadBalancerSecurityGroup
+      Subnets: !Ref LoadBalancerSubnets
+      Scheme: !Ref LoadBalancerScheme
+      Listeners:
+        - LoadBalancerPort: '10000'
+          InstancePort: '10000'
+          Protocol: TCP
+        - LoadBalancerPort: '10002'
+          InstancePort: '10002'
+          Protocol: TCP
+        - LoadBalancerPort: '10003'
+          InstancePort: '10003'
+          Protocol: TCP
+      Tags:
+        - Key: Name
+          Value: !Sub ${AWS::StackName}-pj-lb
+        - Key: X-Dept
+          Value: !Ref ContactDept
+        - Key: X-Contact
+          Value: !Ref ContactEmail
+
   ChefALB:
     Type: "AWS::ElasticLoadBalancingV2::LoadBalancer"
     Properties:
@@ -362,6 +409,19 @@ Resources:
         - Type: forward
           TargetGroupArn: !Ref ChefTargetGroup
 
+  ChefALBPJListenerRule:
+    Type: "AWS::ElasticLoadBalancingV2::ListenerRule"
+    Properties:
+      Actions:
+        - Type: forward
+          TargetGroupArn: !Ref ChefBootstrapTargetGroup
+      Conditions:
+        - Field: path-pattern
+          Values:
+            - "/organizations/*/pushy/*"
+      ListenerArn: !Ref ChefALBListener
+      Priority: 1
+
   ChefTargetGroup:
       Type: "AWS::ElasticLoadBalancingV2::TargetGroup"
       Properties:
@@ -382,6 +442,26 @@ Resources:
           - Key: X-Contact
             Value: !Ref ContactEmail
 
+  ChefBootstrapTargetGroup:
+      Type: "AWS::ElasticLoadBalancingV2::TargetGroup"
+      Properties:
+        HealthCheckIntervalSeconds: 60
+        UnhealthyThresholdCount: 10
+        HealthCheckPath: /_status
+        VpcId: !Ref VPC
+        Port: 443
+        Protocol: HTTPS
+        TargetGroupAttributes:
+          - Key: stickiness.enabled
+            Value: true
+          - Key: stickiness.type
+            Value: lb_cookie
+        Tags:
+          - Key: X-Dept
+            Value: !Ref ContactDept
+          - Key: X-Contact
+            Value: !Ref ContactEmail
+
   ServerLaunchConfig:
     Type: AWS::AutoScaling::LaunchConfiguration
     Properties:
@@ -421,6 +501,7 @@ Resources:
             rpm:
               chef-server-core: !Sub ${ChefServerPackage}
               chef-manage: !Sub ${ChefManagePackage}
+              opscode-push-jobs-server: !Sub ${PushJobsPackage}
             yum:
               perl: []
               perl-Switch: []
@@ -431,6 +512,10 @@ Resources:
               zip: []
               unzip: []
           files:
+            /etc/opscode-push-jobs-server/opscode-push-jobs-server.rb:
+              content: !Sub |
+                opscode_pushy_server['vip'] = '127.0.0.1'
+                opscode_pushy_server['server_name_advertised'] = '${ChefPJELB.DNSName}'
             /etc/chef-manage/manage.rb:
               content: !Sub |
                 disable_sign_up ${DisableSignup}
@@ -467,6 +552,7 @@ Resources:
                 opscode_solr4['elasticsearch_replica_count'] = ${ElasticSearchReplicaCount}
                 bookshelf['storage_type'] = :sql
                 bookshelf['db_pool_size'] = 20
+                bookshelf['vip'] = '${ChefALB.DNSName}'.downcase
                 rabbitmq['enable'] = false
                 rabbitmq['management_enabled'] = false
                 rabbitmq['queue_length_monitor_enabled'] = false
@@ -480,7 +566,7 @@ Resources:
                 start on runlevel [2345]
                 stop on shutdown
                 respawn
-                exec /usr/local/bin/aws-signing-proxy 
+                exec /usr/local/bin/aws-signing-proxy
             /etc/aws-signing-proxy.yml:
               content: !Sub |
                 listen-address: 127.0.0.1
@@ -573,7 +659,7 @@ Resources:
   ElasticsearchDomain:
     Type: AWS::Elasticsearch::Domain
     Properties:
-      ElasticsearchVersion: 2.3
+      ElasticsearchVersion: !Ref ElasticSearchVersion
       ElasticsearchClusterConfig:
         InstanceCount: !Sub ${ElasticSearchShardCount}
         ZoneAwarenessEnabled: false

files/main.sh

@@ -53,6 +53,12 @@ function prevent_dns_overload {
   echo "`hostname -i` `hostname -f`" >> /etc/hosts
 }
 
+function push_jobs_configure () {
+	chef-server-ctl reconfigure --accept-license
+	opscode-push-jobs-server-ctl reconfigure
+	chef-server-ctl restart
+}
+
 # Here we go
 prevent_dns_overload
 
@@ -79,3 +85,6 @@ if [ -n "${BOOTSTRAP_TAGS}" ]; then
   echo "[INFO] syncing bootstrap secrets up to S3"
   upload_config
 fi
+
+echo "[INFO] Configuring push jobs"
+push_jobs_configure

stack_parameters.json.example

@@ -1,4 +1,8 @@
 [
+  {
+    "ParameterKey":   "ElasticSearchVersion",
+    "ParameterValue": "5.3"
+  },
   {
     "ParameterKey":   "SSLCertificateARN",
     "ParameterValue": "arn:aws:acm:us-west-2:446539779517:certificate/60f573b3-f8ed-48d9-a6d1-e89f79da2e8f"