Initializing CloudCore
This section provides instructions to initialize the CloudCore component. For generic instructions on initializing CloudOps components, see Initializing CloudOps Components.
Procedure
- Clone the CloudCore repository from the Git repository hosting service as described in the Requirements page.
- Check out the correct branch for the version of CloudCore that you want to initialize.
- Run the following command to copy a private SSH key authorized to clone from the Git repository hosting service to the Containers/bootstrap/ sub-directory:
    cp /path/to/${PRIVATE_GIT_KEY} CloudCore/Containers/bootstrap/
- Edit the runBootstrap.sh script with the required parameters. For information about the parameters, see the comments in the script. For additional information on each CloudCore runBootstrap.sh parameter, see runBootstrap.sh settings below.
- Run the runBootstrap.sh script. You can monitor the progress of the initialization on the terminal window and in the AWS CloudFormation web console.
  When the script is run, ensure that an SSH key named ep-bastion is copied into the same directory as the runBootstrap.sh script. This is the only copy of the key. You cannot access the application servers using SSH without the key.
- Update the name servers to the domain name with the values generated by the initialization script.
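An added pre-flight check for the key copied in the procedure above (example code, not part of CloudCore): it confirms that the Git key is in Containers/bootstrap/ and is not passphrase-protected, which the gitSSHKeyFileName parameter requires. The file-permission check is an extra assumption of this example, and sample_openssh_key builds a constructed, unusable key header for demonstration.

```python
import base64
import os
import stat
import struct

OPENSSH_MAGIC = b"openssh-key-v1\x00"

def key_is_encrypted(key_text):
    """True if a private key in PEM/OpenSSH text form needs a passphrase."""
    lines = [ln.strip() for ln in key_text.strip().splitlines()]
    if not lines:
        raise ValueError("empty key file")
    if "ENCRYPTED" in lines[0]:                  # PKCS#8 encrypted container
        return True
    if any(ln.startswith("Proc-Type:") and "ENCRYPTED" in ln for ln in lines):
        return True                              # legacy PEM (DEK-Info) encryption
    if "OPENSSH PRIVATE KEY" in lines[0]:
        blob = base64.b64decode("".join(lines[1:-1]))
        if not blob.startswith(OPENSSH_MAGIC):
            raise ValueError("not an openssh-key-v1 key")
        off = len(OPENSSH_MAGIC)
        (n,) = struct.unpack(">I", blob[off:off + 4])
        return blob[off + 4:off + 4 + n] != b"none"   # cipher name field
    return False

def preflight(bootstrap_dir, key_name):
    """Problems with the Git key that runBootstrap.sh will use."""
    path = os.path.join(bootstrap_dir, key_name)
    if not os.path.isfile(path):
        return [f"{key_name} is not in {bootstrap_dir}"]
    problems = []
    if stat.S_IMODE(os.stat(path).st_mode) & 0o077:   # added hygiene check
        problems.append(f"{key_name} is readable by group or others")
    with open(path) as fh:
        if key_is_encrypted(fh.read()):
            problems.append(f"{key_name} is passphrase-protected")
    return problems

def sample_openssh_key(cipher):
    """Constructed, truncated key header for demonstration; not a usable key."""
    blob = OPENSSH_MAGIC + struct.pack(">I", len(cipher)) + cipher
    return ("-----BEGIN OPENSSH PRIVATE KEY-----\n"
            + base64.b64encode(blob).decode()
            + "\n-----END OPENSSH PRIVATE KEY-----\n")

if __name__ == "__main__":
    print(key_is_encrypted(sample_openssh_key(b"none")))
    print(key_is_encrypted(sample_openssh_key(b"aes256-ctr")))
```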
Initialization Details
The bootstrap script (runBootstrap.sh) runs an initialization script, init.sh, inside a bootstrap Docker container. This initialization script creates CloudFormation stacks to set up CloudCore’s infrastructure. You can configure the following settings in the init.sh script:
- The path to the CloudFormation template that creates the network, build server, and base Elastic Path AMI (Amazon Machine Image)
- The AMI to use as the base for the Elastic Path AMIs
- The name for the new Elastic Path AMI
- The name for the AWS SSH key for Elastic Path EC2 instances
- The key that identifies the git SSH key
- The name of the Amazon S3 bucket to be created to store the CloudFormation templates
- The name of the stacks that create the network, build server, base AMI, and RDS (Relational Database Service) snapshots
- Default Jenkins parameters
- Consul configuration
- Bastion configuration
- Version parameters that specify the versions of various technologies used
Validating Initialization
After running the bootstrap container to initialize CloudCore, validate the following to ensure that CloudCore is set up as required.
AWS Security Groups
Access to resources created by CloudOps is controlled through AWS Security Groups. This includes the Bastion and Jenkins servers and the Config Store. By default, CloudOps only grants access to these resources to the IP address from which CloudCore was initialized. For more information about the security groups, see Security in Elastic Path CloudOps for AWS.
Warning: Access to the Public and Bastion security groups must be restricted as they grant access to the Config Store. The Config Store contains sensitive information including EC2 keys and other credentials.
Granting additional access to the Jenkins server and Config Store
- Identify the external IP address of the users who will need access to the Jenkins server and the Config Store
- Update the Public security group as needed
Granting additional access to the Bastion server
- Identify the external IP address of the users who will need access to the Bastion server
- Update the Bastion security group as needed
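After updating the groups, the ingress rules can be checked against the list of approved source addresses. The following is an added example (not part of CloudOps) that audits saved `aws ec2 describe-security-groups` output; the group names, addresses and the name-matching rule are assumptions constructed for illustration.

```python
import ipaddress

def audit_ingress(describe_sg, watched_names, allowed_cidrs):
    """Return (group, ports, cidr) for every ingress source outside allowed_cidrs."""
    allowed = [ipaddress.ip_network(c) for c in allowed_cidrs]
    findings = []
    for sg in describe_sg["SecurityGroups"]:
        name = sg["GroupName"]
        # Assumption: the groups of interest are matched by a substring of their name.
        if not any(w.lower() in name.lower() for w in watched_names):
            continue
        for perm in sg.get("IpPermissions", []):
            ports = (perm.get("FromPort"), perm.get("ToPort"))  # None = all ports
            sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in sources:
                net = ipaddress.ip_network(cidr, strict=False)
                if not any(net.version == a.version and net.subnet_of(a)
                           for a in allowed):
                    findings.append((name, ports, cidr))
    return findings

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
SAMPLE = {"SecurityGroups": [
    {"GroupName": "example-Public", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "203.0.113.10/32"}, {"CidrIp": "0.0.0.0/0"}],
         "Ipv6Ranges": []}]},
    {"GroupName": "example-Bastion", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "198.51.100.7/32"}],
         "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
    {"GroupName": "example-Private", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "10.0.0.0/16"}]}]},
]}
APPROVED = ["203.0.113.10/32", "198.51.100.0/24"]  # constructed approved sources

if __name__ == "__main__":
    for group, ports, cidr in audit_ingress(SAMPLE, ["Public", "Bastion"], APPROVED):
        print(f"{group}: ports {ports} open to unapproved source {cidr}")
```

Rules that reference another security group instead of a CIDR range are not examined by this check.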
AWS CloudFormation Stacks
Ensure that the following Amazon CloudFormation stacks are completed successfully:
- EP-CC-Network: Initializes the CloudOps network
- EP-CC-Bastion: Creates the Bastion server used to access VMs in private subnets
- EP-CC-Route53: Creates the Route53 hosted zone and DNS entries
- EP-CC-Config-Store: Creates the Consul cluster used to store config
- EP-CC-Jenkins-Server: Creates the master Jenkins server
Note: You may see additional CloudFormation stacks named EP-CC-AMI or EP-CC-ECS-AMI during the initialization of CloudCore. These stacks must be automatically deleted before CloudCore initialization is completed.
AWS S3 Bucket
Ensure that the ep-cloudops-<account_id> Amazon S3 bucket exists and contains:
- A CloudCore folder with the following structure:
CloudCore/
|
|---/
|
|---Files/
| |
| |---consul/
| |
| |---jenkins/
|
|---Scripts/
AWS Machine Images (AMIs)
Ensure that the following two AMIs are created, are owned by your AWS account, and are private:
- baseEpAmi
- baseEpEcsAmi
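The CloudFormation stack and AMI checks described above can be run against saved `aws cloudformation describe-stacks` and `aws ec2 describe-images --owners self` output. This is an added example, not part of CloudOps; the sample data and account ID are constructed, and it assumes the AMI Name field matches the names listed above.

```python
REQUIRED_STACKS = ["EP-CC-Network", "EP-CC-Bastion", "EP-CC-Route53",
                   "EP-CC-Config-Store", "EP-CC-Jenkins-Server"]
TEMPORARY_STACKS = ["EP-CC-AMI", "EP-CC-ECS-AMI"]
REQUIRED_AMIS = ["baseEpAmi", "baseEpEcsAmi"]  # assumed to match the AMI Name field

def validate(describe_stacks, describe_images, account_id):
    """Return a list of problems; an empty list means the checks passed."""
    status = {s["StackName"]: s["StackStatus"] for s in describe_stacks["Stacks"]}
    problems = []
    for name in REQUIRED_STACKS:
        if status.get(name) != "CREATE_COMPLETE":
            problems.append(f"stack {name}: {status.get(name, 'MISSING')}")
    for name in TEMPORARY_STACKS:
        # Temporary build stacks should be gone once initialization has finished.
        if status.get(name, "DELETE_COMPLETE") != "DELETE_COMPLETE":
            problems.append(f"temporary stack {name} still present: {status[name]}")
    images = {i.get("Name"): i for i in describe_images["Images"]}
    for name in REQUIRED_AMIS:
        image = images.get(name)
        if image is None:
            problems.append(f"AMI {name}: MISSING")
            continue
        if image["Public"]:
            problems.append(f"AMI {name}: public")
        if image["OwnerId"] != account_id:
            problems.append(f"AMI {name}: owned by {image['OwnerId']}")
    return problems

# Constructed samples in the shape of the AWS CLI JSON output.
SAMPLE_STACKS = {"Stacks": [
    {"StackName": "EP-CC-Network", "StackStatus": "CREATE_COMPLETE"},
    {"StackName": "EP-CC-Bastion", "StackStatus": "CREATE_COMPLETE"},
    {"StackName": "EP-CC-Route53", "StackStatus": "CREATE_COMPLETE"},
    {"StackName": "EP-CC-Config-Store", "StackStatus": "CREATE_COMPLETE"},
    {"StackName": "EP-CC-Jenkins-Server", "StackStatus": "CREATE_IN_PROGRESS"},
    {"StackName": "EP-CC-ECS-AMI", "StackStatus": "DELETE_IN_PROGRESS"},
]}
SAMPLE_IMAGES = {"Images": [
    {"Name": "baseEpAmi", "Public": False, "OwnerId": "111122223333"},
    {"Name": "baseEpEcsAmi", "Public": True, "OwnerId": "111122223333"},
]}

if __name__ == "__main__":
    for problem in validate(SAMPLE_STACKS, SAMPLE_IMAGES, "111122223333"):
        print(problem)
```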
Jenkins Server
Confirm that a Jenkins instance is created and is accessible.
Option 1: DNS already configured
If the DNS name server values are already updated, find the hostname of the Jenkins server in the Outputs section of the EP-CC-Jenkins-Server CloudFormation stack and access it from there.
Option 2: DNS not configured
If the DNS name servers are not updated yet, find the DNS name of the Jenkins load-balancer and access the Jenkins server from there.
Default login credentials
Field | Value |
---|---|
Username | admin |
Password | El4stic123 |
Reference Materials
runBootstrap.sh Parameters
You must provide the following details to initialize CloudCore:
Field | Description |
---|---|
versionSetFileName | The file name of the component version set to use. This file and the default files for supported versions of EP Commerce can be found in the folder cloud-core-aws/Containers/bootstrap/versionsets/. An example filename for EP Commerce version 7.3 would be ep73.conf |
epCloudCoreGitRepoUrl | The SSH URL to the CloudCore repository. |
epCloudCoreBranch | The CloudCore branch and release version to use for CloudCore initialization. This setting is optional. The default setting for this parameter is master. |
gitSSHKeyFileName | The name of a private SSH key authorized to clone from your Git repository hosting service. Ensure that the private key is in the same folder as the bootstrap Dockerfile, Containers/bootstrap/, and that the key is not password protected. |
gitUsername | This setting is optional if you don’t use AWS (Amazon Web Services) CodeCommit. If you use AWS CodeCommit as a git service for all CloudOps repositories, use the 'SSH Key ID' as mentioned in the AWS documentation. |
awsAccessKeyId | The access key ID for the AWS account in which you want to initialize CloudCore. |
awsSecretAccessKey | The secret access key for the AWS account in which you want to initialize CloudCore. |
awsRegion | The AWS region in which you want to deploy CloudOps. |
epCloudOpsDomain | The domain name to use with CloudCore. This setting is optional. If left blank, CloudCore’s DNS resolution works only within AWS. The default setting is aws.epcloudops.com. |
certificateArn | The ARN (Amazon Resource Name) for an HTTPS certificate in AWS Certificate Manager. This setting is optional. If left empty, CloudCore does not use SSL. |