AWSTemplateFormatVersion: "2010-09-09" Description: Provides configuration for a Deadline database and repository instance. Parameters: PrivateSubnet1: Type: AWS::EC2::Subnet::Id RepositorySecurityGroup: Type: AWS::EC2::SecurityGroup::Id InstanceType: Type: String InstanceAMI: Type: AWS::EC2::Image::Id EC2InstanceProfile: Type: String AppVersion: Type: String EC2UserPassword: Type: String NoEcho: true ArtefactBucketName: Type: String Environment: Type: String EfsFileSystem: Type: String Resources: RepositoryInstance: CreationPolicy: ResourceSignal: Count: 1 Timeout: PT30M Type: AWS::EC2::Instance Metadata: AWS::CloudFormation::Init: configSets: dcc_install: - instance_prep - artefacts_download - app_install instance_prep: packages: yum: samba: [] files: /opt/scripts/ec2-mount-ebs-volume.sh: content: | #!/usr/bin/env bash mkdir -p /data while [ ! -b $(readlink -f /dev/xvdh) ]; do echo "waiting for device /dev/xvdh"; sleep 5 ; done blkid $(readlink -f /dev/xvdh) || mkfs -t ext4 $(readlink -f /dev/xvdh) e2label $(readlink -f /dev/xvdh) dcc-data grep -q ^LABEL=dcc-data /etc/fstab || echo 'LABEL=dcc-data /data ext4 defaults' >> /etc/fstab grep -q "^$(readlink -f /dev/xvdh) /data " /proc/mounts || mount /data mode: "000755" owner: root group: root /opt/scripts/dns.sh: content: !Sub | #!/usr/bin/env bash results=1 while [[ $results != 0 ]]; do nslookup ${EfsFileSystem}.efs.${AWS::Region}.amazonaws.com results=$? if [[ $results = 1 ]]; then sleep 30s fi done mode: "000755" owner: root group: root /etc/cfn/cfn-hup.conf: content: !Sub | [main] stack=${AWS::StackId} region=${AWS::Region} interval=1 mode: "000400" owner: root group: root /etc/cfn/hooks.d/cfn-auto-reloader.conf: content: !Sub | [cfn-auto-reloader-hook] triggers=post.update path=Resources.RepositoryInstance.Metadata.AWS::CloudFormation::Init action=/opt/aws/bin/cfn-init -v --stack ${AWS::StackName} --resource RepositoryInstance --configsets dcc_install --region ${AWS::Region} runas=root mode: "000400" owner: root group: root commands: 01-mount-ebs-volume: command: sh /opt/scripts/ec2-mount-ebs-volume.sh > /opt/scripts/ec2-mount-ebs-volume.log 2>&1 test: test -x /opt/scripts/ec2-mount-ebs-volume.sh # check if filename exists and is executable ignoreErrors: false 02-wait_for_dns_propogation: command: sh /opt/scripts/dns.sh 03-mount_efs: command: !Sub | #!/bin/bash -xe EFS_DIRECTORY=/mnt/efs mkdir $EFS_DIRECTORY echo "${EfsFileSystem}:/ $EFS_DIRECTORY efs _netdev" >> /etc/fstab mount -a -t efs defaults 04-set-ec2-user-password: command: !Sub echo ${EC2UserPassword} | tee - | passwd ec2-user services: sysvinit: cfn-hup: enabled: true ensureRunning: true files: - /etc/cfn/cfn-hup.conf - /etc/cfn/hooks.d/cfn-auto-reloader.conf amazon-ssm-agent: enabled: true ensureRunning: true artefacts_download: sources: /data/thinkbox: !Sub https://${ArtefactBucketName}.s3.amazonaws.com/Deadline-${AppVersion}-linux-installers.tar app_install: commands: 05-install_repository: command: | ls /data/thinkbox | grep DeadlineRepository | \ (read data; /data/thinkbox/$data \ --mode unattended \ --prefix "/mnt/efs/DeadlineRepository10" \ --installmongodb true \ --mongodir "/opt/Thinkbox/DeadlineDatabase10" \ --requireSSL false) ignoreErrors: true 07-set_repo_permissions: command: | chown -R ec2-user:nobody /mnt/efs/DeadlineRepository10 chmod -R 505 /mnt/efs/DeadlineRepository10 cd /mnt/efs/DeadlineRepository10 && chmod -R 707 jobs/ jobsArchived/ reports/ ignoreErrors: false Properties: BlockDeviceMappings: - DeviceName: /dev/xvdh Ebs: VolumeSize: 100 VolumeType: gp2 Encrypted: true DeleteOnTermination: true IamInstanceProfile: !Ref EC2InstanceProfile ImageId: !Ref InstanceAMI InstanceType: !Ref InstanceType SecurityGroupIds: - !Ref RepositorySecurityGroup SubnetId: !Ref PrivateSubnet1 Tags: - Key: Name Value: deadline-repository - Key: Environment Value: !Ref Environment UserData: !Base64 Fn::Sub: | #!/bin/bash -xe # Update aws-cfn-bootstrap to the latest yum install -y aws-cfn-bootstrap # Install efs-utils yum install -y amazon-efs-utils # !!!Warning: issue with en/disabling SELinux in enforcing mode on the latest Amazon Linux 2 AMIs with version numbers 20191014 and 20191024 # sed -i 's/enforcing/disabled/g' /etc/selinux/config /etc/selinux/config # sudo setenforce 0 # Call cfn-init script to install files and packages /opt/aws/bin/cfn-init -v --stack ${AWS::StackName} --resource RepositoryInstance --configsets dcc_install --region ${AWS::Region} # Call cfn-signal script to send a signal with exit code /opt/aws/bin/cfn-signal --exit-code $? --stack ${AWS::StackName} --resource RepositoryInstance --region ${AWS::Region} Outputs: RepositoryInstancePrivateIp: Value: !GetAtt RepositoryInstance.PrivateIp DeadlineVersion: Value: !Ref AppVersion