Initializing CloudCore
This section provides instructions to initialize CloudCore, a component of Elastic Path CloudOps for AWS. The bootstrap script runs an initialization script, init.sh, inside a bootstrap Docker container. This initialization script creates CloudFormation stacks to set up CloudCore’s infrastructure using settings from a version set file.
Prerequisites
The following requirements and preparations are needed before initializing CloudCore:
- Requirements are fulfilled
- CloudCore runBootstrap.sh Settings values are gathered, to be used in step 4 (Edit the runBootstrap.sh script)
Procedure
1. Clone the CloudCore repository from the Git repository hosting service as described in the Requirements page.
2. Check out the correct branch for the version of CloudCore that you want to initialize.
3. Run the following command to copy a private SSH key authorized to clone from the Git repository hosting service to the Containers/bootstrap/ sub-directory:
   cp /path/to/${PRIVATE_GIT_KEY} path/to/cloud-core-aws/Containers/bootstrap/
4. Edit the runBootstrap.sh script with the required parameters. For information about the parameters, see the comments in the script.
   Note: For additional information on each CloudCore runBootstrap.sh parameter, see CloudCore runBootstrap.sh Settings.
5. Run the runBootstrap.sh script. You can monitor the progress of the initialization in the terminal window and in the AWS CloudFormation web console.
6. When the script is run, ensure that an SSH key named ep-bastion is copied into the same directory as the runBootstrap.sh script.
   Important: This is the only copy of the key. You cannot access the application servers using SSH without the key.
7. Update the name servers for the domain name with the values generated by the initialization script.
8. Check the installation by following the Validating CloudCore Initialization section below.
Validating Initialization
After running the bootstrap containers to initialize CloudCore, validate the following to ensure that CloudCore is set up as required.
AWS Security Groups
Access to resources created by CloudOps is controlled through AWS Security Groups. This includes the Bastion and Jenkins servers and the Config Store. By default, CloudOps only grants access to these resources to the IP address from which CloudCore was initialized. For more information about the security groups, see Security in Elastic Path CloudOps for AWS.
Warning: Access to the Public and Bastion security groups must be restricted as they grant access to the Config Store. The Config Store contains sensitive information including EC2 keys and other credentials.
Granting additional access to the Jenkins server and Config Store
- Identify the external IP address of the users who will need access to the Jenkins server and the Config Store
- Update the Public security group as needed
Granting additional access to the Bastion server
- Identify the external IP address of the users who will need access to the Bastion server
- Update the Bastion security group as needed
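After the Public or Bastion security group has been updated, its ingress rules can be checked against the list of approved user addresses. The following is an added example, not part of CloudOps; it reads JSON in the shape produced by `aws ec2 describe-security-groups --output json`, and the group names, group IDs and addresses in the sample are constructed.

```python
import ipaddress
import json

# Constructed sample in the shape of `aws ec2 describe-security-groups --output json`.
# Group names, IDs and addresses are made up (documentation address ranges).
SAMPLE = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-0aaa", "GroupName": "example-Public",
   "IpPermissions": [
     {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
      "IpRanges": [{"CidrIp": "203.0.113.10/32"}, {"CidrIp": "198.51.100.0/24"}],
      "Ipv6Ranges": []}]},
  {"GroupId": "sg-0bbb", "GroupName": "example-Bastion",
   "IpPermissions": [
     {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
      "IpRanges": [{"CidrIp": "203.0.113.10/32"}, {"CidrIp": "0.0.0.0/0"}],
      "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]}
]}
""")


def audit_ingress(groups, allowed_cidrs):
    """Return (group, ports, cidr, reason) for every ingress CIDR outside the allow-list."""
    allowed = [ipaddress.ip_network(c) for c in allowed_cidrs]
    findings = []
    for sg in groups["SecurityGroups"]:
        for perm in sg.get("IpPermissions", []):
            # FromPort/ToPort are absent when IpProtocol is "-1" (all traffic).
            ports = f'{perm.get("FromPort", "all")}-{perm.get("ToPort", "all")}'
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in cidrs:
                net = ipaddress.ip_network(cidr, strict=False)
                if net.prefixlen == 0:
                    reason = "open to the whole internet"
                elif any(net.version == a.version and net.subnet_of(a) for a in allowed):
                    continue
                else:
                    reason = "not in the approved list"
                findings.append((sg["GroupName"], ports, cidr, reason))
    return findings


if __name__ == "__main__":
    for finding in audit_ingress(SAMPLE, ["203.0.113.10/32"]):
        print(*finding, sep="\t")
```

An empty result means every ingress rule in the audited groups is limited to an approved address or a subnet of one.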
AWS CloudFormation Stacks
Ensure that the following Amazon CloudFormation stacks are completed successfully:
- EP-CC-Network: Initializes the CloudOps network
- EP-CC-Bastion: Creates the Bastion server used to access VMs in private subnets
- EP-CC-Route53: Creates the Route53 hosted zone and DNS entries
- EP-CC-Config-Store: Creates the Consul cluster used to store config
- EP-CC-Jenkins-Server: Creates the master Jenkins server
Note: You may see additional CloudFormation stacks named EP-CC-AMI or EP-CC-ECS-AMI during the initialization of CloudCore. These stacks must be automatically deleted before CloudCore initialization is completed.
AWS S3 Bucket
Ensure that the ep-cloudops-<account_id> Amazon S3 bucket exists and contains:
- A CloudCore folder with the following structure:
CloudCore/
|
|---/
|
|---CloudFormation/
|---Files/
| |
| |---consul/
| |
| |---jenkins/
|
|---Scripts/
AWS Machine Images (AMIs)
Ensure that the following two AMIs are created, are owned by your AWS account, and are private:
- baseEpAmi
- baseEpEcsAmi
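The CloudFormation stack and AMI checks above can be run against AWS CLI output instead of being read off the console. The following is an added example, not part of CloudOps; it assumes JSON in the shape returned by `aws cloudformation describe-stacks` and `aws ec2 describe-images --owners self`, assumes the AMI names appear in the `Name` field, and uses constructed sample data.

```python
import json

REQUIRED_STACKS = ["EP-CC-Network", "EP-CC-Bastion", "EP-CC-Route53",
                   "EP-CC-Config-Store", "EP-CC-Jenkins-Server"]
TEMPORARY_STACKS = ["EP-CC-AMI", "EP-CC-ECS-AMI"]
REQUIRED_AMIS = ["baseEpAmi", "baseEpEcsAmi"]
OK_STATUSES = {"CREATE_COMPLETE", "UPDATE_COMPLETE"}  # assumption: treated as success

# Constructed samples shaped like `aws cloudformation describe-stacks` and
# `aws ec2 describe-images --owners self` JSON output; the account id is made up.
STACKS = json.loads("""{"Stacks": [
 {"StackName": "EP-CC-Network", "StackStatus": "CREATE_COMPLETE"},
 {"StackName": "EP-CC-Bastion", "StackStatus": "CREATE_COMPLETE"},
 {"StackName": "EP-CC-Route53", "StackStatus": "CREATE_COMPLETE"},
 {"StackName": "EP-CC-Config-Store", "StackStatus": "ROLLBACK_COMPLETE"},
 {"StackName": "EP-CC-ECS-AMI", "StackStatus": "DELETE_IN_PROGRESS"}]}""")
IMAGES = json.loads("""{"Images": [
 {"Name": "baseEpAmi", "OwnerId": "111122223333", "Public": false},
 {"Name": "baseEpEcsAmi", "OwnerId": "111122223333", "Public": true}]}""")


def check_stacks(stacks):
    """List required stacks that are missing or unsuccessful, plus leftover build stacks."""
    status = {s["StackName"]: s["StackStatus"] for s in stacks["Stacks"]}
    problems = []
    for name in REQUIRED_STACKS:
        if status.get(name) not in OK_STATUSES:
            problems.append(f"{name}: {status.get(name, 'MISSING')}")
    for name in TEMPORARY_STACKS:
        if name in status:  # describe-stacks stops listing a stack once it is deleted
            problems.append(f"{name}: not yet deleted ({status[name]})")
    return problems


def check_amis(images, account_id):
    """List required AMIs that are missing, owned by another account, or public."""
    by_name = {i.get("Name"): i for i in images["Images"]}
    problems = []
    for name in REQUIRED_AMIS:
        image = by_name.get(name)
        if image is None:
            problems.append(f"{name}: MISSING")
        elif image["OwnerId"] != account_id or image["Public"]:
            problems.append(f"{name}: owner={image['OwnerId']} public={image['Public']}")
    return problems


if __name__ == "__main__":
    print("\n".join(check_stacks(STACKS) + check_amis(IMAGES, "111122223333")))
```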
Jenkins Server
Confirm that a Jenkins instance is created and is accessible.
Option 1: DNS already configured
If the DNS name server values are already updated, find the hostname of the Jenkins server in the Outputs section of the EP-CC-Jenkins-Server CloudFormation stack and access it from there.
Option 2: DNS not configured
If the DNS name servers are not updated yet, find the DNS name of the Jenkins load-balancer and access the Jenkins server from there.
Default login credentials
Field | Value |
---|---|
Username | admin |
Password | El4stic123 |
Reference Materials
runBootstrap.sh Parameters
You must provide the following details to initialize CloudCore:
Field | Description |
---|---|
versionSetFileName | The file name of the component version set to use. This file and the default files for supported versions of EP Commerce can be found in the folder: cloud-core-aws/Containers/bootstrap/versionsets/ . An example filename for EP Commerce version 7.3 would be: ep73.conf . For more information on each version set file parameter, see CloudCore version set file settings section below. |
epCloudCoreGitRepoUrl | The SSH URL to the CloudCore repository. |
epCloudCoreBranch | The CloudCore branch and release version to use for CloudCore initialization. This setting is optional. The default setting for this parameter is master. |
gitSSHKeyFileName | The name of a private SSH key authorized to clone from your Git repository hosting service. Ensure that the private key is in the same folder as the bootstrap Dockerfile, Containers/bootstrap/ , and that the key is not password protected. |
gitUsername | This setting is optional if you don’t use AWS (Amazon Web Services) CodeCommit. If you use AWS CodeCommit as a git service for all CloudOps repositories, use the 'SSH Key ID' as mentioned in the AWS documentation. |
awsAccessKeyId | The access key ID for the AWS account in which you want to initialize CloudCore. |
awsSecretAccessKey | The secret access key for the AWS account in which you want to initialize CloudCore. |
awsRegion | The AWS region in which you want to deploy CloudOps. |
accountRoleTag | The tag to apply to every EC2 instance in the AWS account you are initializing. It should describe the purpose of the account. For example, dev or prod . The default setting is dev . For more information about EC2 tags CloudOps uses see the EC2 Tags page. |
epCloudOpsDomain | The domain name to use with CloudCore. This setting is optional. If left blank, CloudCore’s DNS resolution works only within AWS. The default setting is aws.epcloudops.com . |
certificateArn | The ARN (Amazon Resource Name) for an HTTPS certificate in AWS Certificate Manager. This setting is optional. If left empty, CloudCore does not use SSL. |
CloudCore Version Set File Settings
During CloudCore initialization, the bootstrap process consumes a file that specifies several version parameters for various technologies CloudOps for AWS uses. This file is called the version set file.
During CloudCore bootstrap, you must provide a version set file that is compatible with the EP Commerce version used in your deployment of the CloudOps components. For example, if using EP Commerce version 7.3, you must use the version set file ep73.conf. If you provide your own version set file, you must commit and push the changes to your Git repository hosting service and specify that branch and version set file to the bootstrap script before deploying the CloudOps Components.
Default files for supported versions of EP Commerce can be found in the CloudCore component in the folder cloud-core-aws/Containers/bootstrap/versionsets/.
The version set file provides the following parameters when initializing CloudCore:
Field | Description |
---|---|
customEcsAmiId | The AMI (Amazon Machine Image) id of a custom Amazon AMI. It is used to build the base Elastic Path ECS (Elastic Container Service) AMI. This setting is optional. If left blank, CloudCore will use the AMI specified in amazonOptimizedEcsAmiName . For CloudOps for AWS 3.2, images based off of Amazon Linux must use Amazon Linux 2. |
customLinuxAmiId | The AMI id of a custom Amazon AMI. It is used to build the base Elastic Path Linux AMI. This setting is optional. If left blank, CloudCore will use the AMI specified in amazonLinuxAmiName . For CloudOps for AWS 3.2, images based off of Amazon Linux must use Amazon Linux 2. |
amazonOptimizedEcsAmiName | An Amazon provided ECS-optimized Amazon Linux AMI. Used as the default AMI to build the base Elastic Path ECS AMI. This parameter should not be modified. |
amazonLinuxAmiName | An Amazon provided Amazon Linux AMI. Used as the default AMI to build the base Elastic Path Linux AMI. This parameter should not be modified. |
jenkinsVersion | The version of Jenkins CloudCore will use to create the Jenkins server. |
consulVersion | The version of Consul CloudCore will use to create the configuration store. |
activemqVersion | The version of ActiveMQ CloudOps will use when deploying EP Commerce. |
tomcatVersion | The version of Tomcat CloudOps will use with EP application servers. |
javaDownloadUrl | A Java JRE (Java Runtime Environment) download link. |
rdsVersion | The RDS (Relational Database Service) engine version CloudOps will use when deploying EP Commerce databases. |
rdsParameterGroup | The RDS parameter group CloudOps will use when deploying EP Commerce databases. |