Initializing CloudDeploy · CloudOps for AWS

important

CloudOps for AWS is a legacy tool and is no longer supported by Elastic Path Software. CloudOps for AWS release 3.5.x reached end-of-support in February 2023. For information about current Elastic Path Commerce deployment options, see Deploying Elastic Path Commerce documentation.

This section provides instructions to initialize the CloudDeploy component. For generic instructions on initializing CloudOps components, see Initializing CloudOps Components.

Prerequisites

Ensure that the requirements listed in the Requirements page are met
Ensure that the CloudCore component is successfully initialized. For more information on initializing CloudCore, see Initializing CloudCore
If you use CloudTeam to create deployment packages, ensure that the CloudTeam BuildPipeline Jenkins job is completed successfully

Procedure

Clone the CloudDeploy repository from the Git repository hosting service as described in the Requirements page.
Check out the branch for this version of CloudDeploy that you want to initialize.
Run the following command to copy a private SSH key authorized to clone from the Git repository hosting service to the Containers/bootstrap/ sub-directory. The private SSH key must not be password protected:
```
cp /path/to/${PRIVATE_GIT_KEY} path/to/cloud-deploy-aws/Containers/bootstrap/
```
Edit the runBootstrap.sh script with the required parameters. For information on each runBootstrap.sh parameter for CloudDeploy, see runBootstrap.sh settings below.
Run the runBootstrap.sh script.

Tip: Monitor the progress of the initialization in the terminal window and in the AWS (Amazon Web Services) CloudFormation web console.

Tip: Save console output to file: bash runBootstrap.sh |& tee clouddeploy-bootstrap-`date '+%Y-%m-%d-%H-%M-%S'`.txt
Validate the CloudDeploy initialization. For instructions, see Validating CloudDeploy Initialization below

Initialization Details

The bootstrap container builds the bootstrap job. The bootstrap job generates and runs the following jobs:

InitPipeline
BuildBaseImage
BuildActiveMQ
BuildEPImage
BuildMySQL

With the completion of the InitPipeline job, the artifacts required for deploying Elastic Path Commerce are also generated.

Validating CloudDeploy Initialization

After running the bootstrap container to initialize CloudDeploy, validate the following to ensure that CloudDeploy is setup as required.

AWS Security Groups

Access to resources created by CloudOps is controlled through AWS Security Groups. This includes EP Commerce environments deployed by CloudDeploy. By default, CloudOps only grants access to these resources to the IP address from which CloudCore was initialized. For more information about the security groups, see Security in Elastic Path CloudOps for AWS.

Warning: Access to the Public security group must be restricted as it grants access to the Config Store. The Config Store contains sensitive information including EC2 keys and other credentials.

Granting additional access to EP Commerce environments

Identify the external IP address of the users who will need access to the EP Commerce environments
Update the Public security group as needed

AWS CloudFormation Stacks

Ensure that the following CloudFormation stacks have completed successfully:

EP-CD-RDS-Subnet-Group: Creates a subnet group for RDS (Relational Database Service) instances
EP-CD-ECS-Image-Repositories: Creates the Elastic Container Registries (ECRs) required for deployment
EP-CD-Lambda-Function: Creates the Lambda Functions required for Author and Live deployment

AWS S3 Bucket

Ensure that the ep-cloudops-<account_id> Amazon S3 bucket exists and contains:

A Dependencies folder with the following structure:

Dependencies/
|
|---jdbc/

Elastic Container Registries (ECRs)

Confirm the following ECRs are created:

activemq
batch
amazonlinux-java
cm
cortex
data-pop-tool
data-sync
integration
mysql
search
tomcat

Jenkins Jobs

Confirm that the following Jenkins views are added to the CloudDeploy folder:

All
Builds
Deployments
Other

Under the 'All’ Jenkins view, confirm all the following Jenkins jobs exist:

AuthorizeAwsAccountToPullEcrImages
bootstrap
BuildActiveMQ
BuildBaseImage
BuildEPImage
BuildMySQL
CleanDockerImages
CreateEcsAmi
DeployAuthorAndLive
DeploySingleInstance
InitPipeline
PullDockerImages
Setup-AWS-SES
TeardownEnvironments
UpdateAuthorAndLive_1_StageUpdates
UpdateAuthorAndLive_2_ApplyUpdates
UpdateSingleInstance
Verify-Domain-for-SES

If you access Jenkins immediately after the bootstrap process is completed, a Jenkins job named bootstrap starts running. The bootstrap job is responsible for populating the CloudDeploy folder with the other jobs and for triggering the InitPipeline job. You can find the source for the bootstrap job in Jenkins at: cloud-deploy-aws/Jobs/bootstrap/bootstrap.groovy.

Reference Materials

`runBootstrap.sh` Settings

You must provide the following details to initialize the CloudDeploy component:

Field	Description
`epCloudDeployGitRepoUrl`	The SSH URL to the CloudDeploy repository.
`epDockerGitRepoUrl`	The SSH URL to the CloudOps Docker repository.
`epCloudDeployBranch`	The branch and release version to use for CloudDeploy initialization. This setting is optional. If left blank, the system sets the value to master.
`epDockerBranch`	The branch and version to use to build Docker images needed to deploy Elastic Path Commerce. This setting is optional. If left blank, the system sets the value to master.
`cloudDeployGitSSHKeyFileName`	The name of the private SSH key that is authorized to clone from `epCloudDeployGitRepoUrl`. The key must be located in the same directory as CloudDeploy’s bootstrap Dockerfile, `Containers/bootstrap/`, and must not be password protected.
`dockerGitSSHKeyFileName`	The name of the private SSH key that is authorized to clone from `epDockerGitRepoUrl`. The key must be located in the same directory as CloudDeploy’s bootstrap Dockerfile, `Containers/bootstrap/`, and must not be password protected.
`cloudDeployGitUsername`	This setting is optional if you don’t use AWS CodeCommit. If you use AWS CodeCommit as a git service for all CloudOps repositories, use the 'SSH Key ID’ as mentioned in the Setup Steps for SSH Connections to AWS CodeCommit Repositories.
`dockerGitUsername`	This setting is optional if you don’t use AWS CodeCommit. If you use AWS CodeCommit as a git service for all CloudOps repositories, use the 'SSH Key ID’ as mentioned in the Setup Steps for SSH Connections to AWS CodeCommit Repositories.
`awsAccessKeyId`	The access key ID for the AWS account used to initialize CloudCore. You must use the same AWS account that you used to initialize CloudCore.
`awsSecretAccessKey`	The secret access key for the AWS account used to initialize CloudCore. You must use the same AWS account that you used to initialize CloudCore.
`awsRegion`	The region in which CloudCore is initialized. You must not change this setting to a different region. The default setting is `us-west-2`.
`epConfigStoreUrl`	The complete URL of the config store created in CloudCore, including `http://` or `https://` prefix.
`epDeploymentPackageUrl`	The Amazon S3 URI of the deployment package to use when you build initial Elastic Path Docker images. The format for the URL is `s3://<bucket-name>/<path-to-deployment-pkg>`.