AWSTemplateFormatVersion: '2010-09-09' Description: Template for an IBM Cloud Pak for Data deployment with existing VPC. **WARNING** This template creates EC2 instances and related resources. You will be billed for the AWS resources used if you create a stack from this template. (qs-1pek09fje) Metadata: QuickStartDocumentation: EntrypointName: "Parameters for deploying into an existing VPC" Order: "2" AWSAMIRegionMap: Filters: RHEL76HVM: name: RHEL-7.6_HVM_GA-20??????-x86_64-0-Hourly2-GP2 owner-id: "309956199498" architecture: x86_64 virtualization-type: hvm AWS::CloudFormation::Interface: ParameterGroups: - Label: default: Network configuration Parameters: - NumberOfAZs - AvailabilityZones - VPCID - VPCCIDR - PrivateSubnet1ID - PrivateSubnet2ID - PrivateSubnet3ID - PublicSubnet1ID - PublicSubnet2ID - PublicSubnet3ID - BootNodeAccessCIDR - ClusterNetworkCIDR - Label: default: DNS configuration Parameters: - DomainName - Label: default: Amazon EC2 configuration Parameters: - KeyPairName - Label: default: OpenShift hosts configuration Parameters: - NumberOfMaster - NumberOfCompute - MasterInstanceType - ComputeInstanceType - AdminPassword - ClusterName - EnableFips - PrivateCluster - Label: default: Storage Configuration Parameters: - StorageType - PortworxSpec - NumberOfOCS - OCSInstanceType - Label: default: Red Hat subscription information Parameters: - RedhatPullSecret - Label: default: IBM Cloud Pak for Data configuration Parameters: - LicenseAgreement - ICPDVersion - APIUsername - APIKey - Namespace - ICPDDeploymentLogsBucketName - WKC - WML - DV - WSL - OpenScale - Spark - CDE - Label: default: AWS Quick Start configuration Parameters: - QSS3BucketName - QSS3BucketRegion - QSS3KeyPrefix ParameterLabels: KeyPairName: default: Key pair name PrivateSubnet1ID: default: Private subnet 1 ID PrivateSubnet2ID: default: Private subnet 2 ID PrivateSubnet3ID: default: Private subnet 3 ID PublicSubnet1ID: default: Public subnet 1 ID PublicSubnet2ID: default: Public subnet 2 ID PublicSubnet3ID: default: Public subnet 3 ID QSS3BucketName: default: Quick Start S3 bucket name QSS3BucketRegion: default: Quick Start S3 bucket region QSS3KeyPrefix: default: Quick Start S3 key prefix BootNodeAccessCIDR: default: Boot node external access CIDR ClusterNetworkCIDR: default: Cluster network CIDR VPCID: default: VPC ID VPCCIDR: default: VPC CIDR AdminPassword: default: Cloud Pak for Data UI password RedhatPullSecret: default: Red Hat pull secret NumberOfAZs: default: Number of Availability Zones AvailabilityZones: default: Availability Zones MasterInstanceType: default: Master instance type OCSInstanceType: default: OCS instance type ComputeInstanceType: default: Compute instance type NumberOfMaster: default: Number of master nodes NumberOfOCS: default: Number of ocs nodes NumberOfCompute: default: Number of compute nodes ICPDDeploymentLogsBucketName: default: Output S3 bucket name DomainName: default: Domain name ClusterName: default: Cluster name StorageType: default: Cluster storage type PortworxSpec: default: Portworx spec file EnableFips: default: Enable Fips PrivateCluster: default: Publish the user-facing endpoints of your cluster. LicenseAgreement: default: License agreement WSL: default: Watson Studio service WML: default: Watson Machine Learning service WKC: default: Watson Knowledge Catalog service DV: default: Data Virtualization service OpenScale: default: Watson OpenScale and Watson Machine Learning services CDE: default: Cognos Dashboard service Spark: default: Analytics Engine powered by Apache Spark service APIUsername: default: IBM Cloud Pak for Data API user name APIKey: default: IBM Cloud Pak for Data API key ICPDVersion: default: IBM Cloud Pak for Data version Namespace: default: OpenShift project Parameters: DV: Description: >- Choose True to install the Data Virtualization service. Type: String AllowedValues: - "False" - "True" Default: "False" WML: Description: >- Choose True to install the Watson Machine Learning service. Type: String AllowedValues: - "False" - "True" Default: "False" WSL: Description: >- Choose True to install the Watson Studio service. Type: String AllowedValues: - "False" - "True" Default: "False" WKC: Description: >- Choose True to install the Watson Knowledge Catalog service. Type: String AllowedValues: - "False" - "True" Default: "False" OpenScale: Description: >- Choose True to install the Watson OpenScale and Watson Machine Learning services. Type: String AllowedValues: - "False" - "True" Default: "False" CDE: Description: >- Choose True to install the Cognos Dashboard Engine service. Type: String AllowedValues: - "False" - "True" Default: "False" Spark: Description: >- Choose True to install the Analytics Engine powered by Apache Spark service. Type: String AllowedValues: - "False" - "True" Default: "False" APIUsername: Description: >- The IBM Cloud Pak for Data user name to access IBM Container Registry. Type: String Default: "cp" APIKey: Description: >- The IBM Cloud Pak for Data API key to access IBM Container Registry. Type: String NoEcho: 'true' KeyPairName: Description: The name of an existing public/private key pair, which allows you to securely connect to your instance after it launches. Type: AWS::EC2::KeyPair::KeyName PrivateSubnet1ID: Description: The ID of the private subnet in Availability Zone 1 for the workload (e.g., subnet-a0246dcd). Type: String PrivateSubnet2ID: Description: The ID of the private subnet in Availability Zone 2 for the workload (e.g., subnet-b1f432cd). Type: String PrivateSubnet3ID: Description: The ID of the private subnet in Availability Zone 3 for the workload (e.g., subnet-b1f4a2cd). Type: String PublicSubnet1ID: Description: The ID of the public subnet in Availability Zone 1 for the ELB load balancer (e.g., subnet-9bc642ac). Type: String PublicSubnet2ID: Description: The ID of the public subnet in Availability Zone 2 for the ELB load balancer (e.g., subnet-e3246d8e). Type: String PublicSubnet3ID: Description: The ID of the public subnet in Availability Zone 3 for the ELB load balancer (e.g., subnet-e324ad8e). Type: String QSS3BucketName: AllowedPattern: ^[0-9a-zA-Z]+([0-9a-zA-Z-]*[0-9a-zA-Z])*$ ConstraintDescription: Quick Start bucket name can include numbers, lowercase letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen (-). Default: aws-quickstart Description: S3 bucket name for the Quick Start assets. This string can include numbers, lowercase letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen (-). Type: String QSS3BucketRegion: Default: 'us-east-1' Description: 'The AWS Region where the Quick Start S3 bucket (QSS3BucketName) is hosted. When using your own bucket, you must specify this value.' Type: String QSS3KeyPrefix: AllowedPattern: ^[0-9a-zA-Z-/]*$ ConstraintDescription: Quick Start key prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slash (/). Default: quickstart-ibm-icp-for-data/ Description: S3 key prefix for the Quick Start assets. Quick Start key prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slash (/). Type: String BootNodeAccessCIDR: AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$ ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/x Description: The CIDR IP range that is permitted to access boot node instance. We recommend that you set this value to a trusted IP range. The value `0.0.0.0/0` permits all IP addresses to access. Additional values can be added post-deployment from the Amazon EC2 console. Type: String ClusterNetworkCIDR: AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$ ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/x Description: The Cluster Network CIDR IP range that is used as IP address pools for pods. Type: String Default: 10.128.0.0/14 AdminPassword: Description: The password for the Cloud Pak for Data web client. The password must contain at least 8 characters, including letters (with a minimum of one capital letter), numbers, and symbols. Type: String MinLength: '8' AllowedPattern: ^[^ \\']+$ NoEcho: 'true' RedhatPullSecret: Description: Your Red Hat Network (RHN) pull secret(e.g., s3://my-bucket/path/to/portworxspec.yaml). Type: String VPCCIDR: AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$ ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-28 Default: 10.0.0.0/16 Description: The CIDR block of the existing VPC. Type: String VPCID: Description: The ID of your existing VPC for deployment. Type: AWS::EC2::VPC::Id MasterInstanceType: Default: m5.xlarge AllowedValues: - m5.xlarge - m5.2xlarge - m5d.xlarge - m5d.2xlarge ConstraintDescription: Must contain valid instance type Description: The EC2 instance type for the OpenShift master instances. Type: String OCSInstanceType: Default: m4.4xlarge AllowedValues: - m4.4xlarge - m4.8xlarge - m5.8xlarge - m5.12xlarge - c5.8xlarge - c5.12xlarge - c5.9xlarge - r5.4xlarge - r5.8xlarge - r5.12xlarge - m4.10xlarge - c4.8xlarge ConstraintDescription: Must contain valid instance type Description: Update this value if Storage type selected is OCS. The EC2 instance type for the OpenShift Container Storage instances. Type: String ComputeInstanceType: Default: m5.4xlarge AllowedValues: - m5.4xlarge - m5.8xlarge - m5.12xlarge - m5.24xlarge - m5a.4xlarge - m5a.8xlarge - m5a.12xlarge - m5a.24xlarge - c5.4xlarge - c5.9xlarge - c5.12xlarge - c5.18xlarge - c5.24xlarge - r5.4xlarge - r5.9xlarge - r5.12xlarge - r5.18xlarge - r5.24xlarge ConstraintDescription: Must contain valid instance type Description: The EC2 instance type for the OpenShift compute instances. Type: String NumberOfAZs: Default: 3 Description: >- The number of Availability Zones to be used for the deployment. Keep in mind that some regions may be limited to two Availability Zones. For a single IBM Cloud Pak for Data cluster to be highly available, three Availability Zones are needed to avoid a single point of failure when using three, five, or seven master nodes. With fewer than three Availability Zones, one of the AZs will have more master nodes. Type: Number AllowedValues: - 1 - 3 AvailabilityZones: Description: The list of Availability Zones to use for the subnets in the VPC. The Quick Start uses one or three Availability Zones and preserves the logical order you specify. Type: List NumberOfMaster: Default: '3' Description: The desired capacity for the OpenShift master instances. Must be an odd number.A minimum of 3 is required. Type: String AllowedPattern: '^[3579]$|(^[3-9]+[3579]$)' NumberOfOCS: Default: '3' Description: TUpdate this value if Storage type selected is OCS. he desired capacity for the OpenShift container storage instances. Minimum of 3 is required. Type: String AllowedPattern: '^[3579]$|(^[3-9]+[3579]$)' NumberOfCompute: Default: '3' Description: The desired capacity for the OpenShift compute instances. Minimum of 3 nodes required. If the number of compute instances exceeds your Red Hat entitlement limits or AWS instance limits, the stack will fail. Choose a number that is within your limits. Type: Number ICPDDeploymentLogsBucketName: Description: 'The name of the S3 bucket where IBM Cloud Pak for Data deployment logs are to be exported. The deployment logs provide a record of the boot strap scripting actions and are useful for problem determination if the deployment fails in some way.' Type: String Default: '' DomainName: Description: 'Amazon Route53 base domain configured for your OpenShift Container Platform cluster. Name must consist of lower case alphanumeric characters and must start and end with an alphanumeric character.' Type: String Default: "" ClusterName: Default: "" Description: Custom cluster name for kubernetes.io/cluster/tags. Type: String AllowedPattern: ^[0-9a-z-]*$ StorageType: Description: Select either Portworx or Openshift Container Storage as default Storage class. Type: String AllowedValues: - "OCS" - "Portworx" - "EFS" Default: "OCS" PortworxSpec: Description: Update this value if Storage type selected is Portworx. S3 path of Portworx Spec(e.g., s3://my-bucket/path/to/portworxspec.yaml). Type: String Default: "" EnableFips: Description: Enable Fips for Openshift Type: String AllowedValues: - "False" - "True" Default: "False" PrivateCluster: Description: To Deploy a Private cluster select Internal and External for Public cluster Type: String AllowedValues: - "Internal" - "External" Default: "External" ICPDVersion: Description: >- The version of Cloud Pak for Data to be deployed. Currently only v3.5 is supported. Type: String AllowedValues: - 3.5.2 Default: 3.5.2 LicenseAgreement: Description: >- I have read and agree to the license terms for IBM Cloud Pak for Data (https://ibm.biz/BdfEkc). Type: String Default: '-' AllowedValues: - I agree - '-' ConstraintDescription: must answer 'I agree' Namespace: Description: >- The OpenShift project that will be created for deploying Cloud Pak for Data. It can be any lowercase string. Type: String AllowedPattern: '^[a-z0-9_\-]+$' Default: "zen" Mappings: AWSAMIRegionMap: eu-central-1: RHEL76HVM: ami-062dacb006c5860f9 COREOS: ami-0bd7175ff5b1aef0c ap-southeast-2: RHEL76HVM: ami-0f1ef883e90ca71c0 COREOS: ami-069450613262ba03c eu-west-1: RHEL76HVM: ami-0a0d2dc2f521ddce6 COREOS: ami-01b89df58b5d4d5fa us-east-1: RHEL76HVM: ami-0916c408cb02e310b COREOS: ami-04a16d506e5b0e246 us-east-2: RHEL76HVM: ami-03cfe750d5ea278f5 COREOS: ami-0a1f868ad58ea59a7 us-west-2: RHEL76HVM: ami-04b7963c90686dd4c COREOS: ami-0dd9008abadc519f1 ap-northeast-1: RHEL76HVM: ami-0dc41c7805e171046 COREOS: ami-04e5b5722a55846ea eu-west-2: RHEL76HVM: ami-096fbd31de0375d2a COREOS: ami-06f6e31ddd554f89d eu-west-3: RHEL76HVM: ami-025fb013ee01513b5 COREOS: ami-0dc82e2517ded15a1 ap-southeast-1: RHEL76HVM: ami-07cafca3788493264 COREOS: ami-0630e03f75e02eec4 eu-north-1: RHEL76HVM: ami-75941f0b COREOS: ami-06c9ec42d0a839ad2 ap-south-1: RHEL76HVM: ami-021912f2c8d2c70c9 COREOS: ami-09e3deb397cc526a8 ap-northeast-2: RHEL76HVM: ami-0b5425629eb18a008 COREOS: ami-0fdc25c8a0273a742 sa-east-1: RHEL76HVM: ami-048b2348ac2ccfc53 COREOS: ami-0cd44e6dd20e6c7fa ca-central-1: RHEL76HVM: ami-05816666b3178f208 COREOS: ami-012518cdbd3057dfd us-west-1: RHEL76HVM: ami-0388d197bb42be9be COREOS: ami-0a65d76e3a6f6622f AWSRegionS3Bucket: ap-northeast-1: ICPDArchiveBucket: ibm-cloud-private-data-ap-northeast-1 ap-northeast-2: ICPDArchiveBucket: ibm-cloud-private-data-ap-northeast-2 ap-northeast-3: ICPDArchiveBucket: ibm-cloud-private-data-ap-northeast-3 ap-south-1: ICPDArchiveBucket: ibm-cloud-private-data-ap-south-1 ap-southeast-1: ICPDArchiveBucket: ibm-cloud-private-data-ap-southeast-1 ap-southeast-2: ICPDArchiveBucket: ibm-cloud-private-data-ap-southeast-2 ca-central-1: ICPDArchiveBucket: ibm-cloud-private-data-ca-central-1 eu-central-1: ICPDArchiveBucket: ibm-cloud-private-data-eu-central-1 eu-north-1: ICPDArchiveBucket: ibm-cloud-private-data-eu-north-1 eu-west-1: ICPDArchiveBucket: ibm-cloud-private-data-eu-west-1 eu-west-2: ICPDArchiveBucket: ibm-cloud-private-data-eu-west-2 eu-west-3: ICPDArchiveBucket: ibm-cloud-private-data-eu-west-3 sa-east-1: ICPDArchiveBucket: ibm-cloud-private-data-sa-east-1 us-east-1: ICPDArchiveBucket: ibm-cloud-private-data-us-east-1 us-east-2: ICPDArchiveBucket: ibm-cloud-private-data-us-east-2 us-west-1: ICPDArchiveBucket: ibm-cloud-private-data-us-west-1 us-west-2: ICPDArchiveBucket: ibm-cloud-private-data-us-west-2 Rules: LicenseAgreementRule: Assertions: - Assert: Fn::Contains: - - I agree - Ref: LicenseAgreement AssertDescription: User must agree to the terms of the license agreement. SubnetsInVPC: Assertions: - Assert: !EachMemberIn - !ValueOfAll - AWS::EC2::Subnet::Id - VpcId - !RefAll 'AWS::EC2::VPC::Id' AssertDescription: All subnets must in the VPC Conditions: CreateEFS: !Equals [!Ref StorageType, "EFS"] 3AZCondition: !Equals [!Ref NumberOfAZs, 3] UsingDefaultBucket: !Equals [!Ref QSS3BucketName, 'aws-quickstart'] Resources: CPDIAMUser: Type: 'AWS::IAM::User' Properties: ManagedPolicyArns: - arn:aws:iam::aws:policy/AdministratorAccess CPDIAMUserAccessKey: Type: 'AWS::IAM::AccessKey' Properties: UserName: !Ref CPDIAMUser CPDSecret: Type: "AWS::SecretsManager::Secret" Properties: SecretString: !Sub '{"adminPassword":"${AdminPassword}","apikey":"${APIKey}"}' OpenshiftSecret: Type: "AWS::SecretsManager::Secret" Properties: SecretString: !Sub '{"ocpPassword":""}' ClusterSharedStorage: Type: AWS::CloudFormation::Stack Condition: CreateEFS Properties: TemplateURL: !Sub - >- https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/shared-storage.template.yaml - S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] S3Region: !If [UsingDefaultBucket, !Ref 'AWS::Region', !Ref QSS3BucketRegion] Parameters: AvailabilityZoneCount: !Ref NumberOfAZs PrivateSubnetIds: !If - 3AZCondition - !Join [',',[!Ref PrivateSubnet1ID, !Ref PrivateSubnet2ID, !Ref PrivateSubnet3ID]] - !Ref PrivateSubnet1ID PrivateSubnetCIDR: !Ref 'VPCCIDR' ICPDVPC: !Ref 'VPCID' LambdaExecutionRole: Type: AWS::IAM::Role Properties: AssumeRolePolicyDocument: Version: '2012-10-17' Statement: - Effect: Allow Principal: Service: lambda.amazonaws.com Action: sts:AssumeRole ManagedPolicyArns: - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole - arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforSSM Path: / Policies: - PolicyName: lambda-cleanUpLambda PolicyDocument: Version: '2012-10-17' Statement: - Effect: Allow Action: - ssm:SendCommand - ssm:PutParameter - ssm:GetParameter - ssm:DeleteParameter Resource: - '*' - Effect: Allow Action: - logs:FilterLogEvents Resource: - '*' BootNodeIamRole: Type: AWS::IAM::Role Properties: AssumeRolePolicyDocument: Version: "2012-10-17" Statement: - Effect: "Allow" Principal: Service: - "ec2.amazonaws.com" Action: - "sts:AssumeRole" Path: "/" ManagedPolicyArns: - arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforSSM - arn:aws:iam::aws:policy/AWSCloudFormationReadOnlyAccess Policies: - PolicyName: bootnode-policy PolicyDocument: Version: "2012-10-17" Statement: - Effect: "Allow" Action: "ec2:Describe*" Resource: "*" - Effect: "Allow" Action: "ec2:AttachVolume" Resource: "*" - Effect: "Allow" Action: "ec2:DetachVolume" Resource: "*" - Effect: "Allow" Action: "s3:GetObject" Resource: !Sub - arn:${AWS::Partition}:s3:::${S3Bucket}/${QSS3KeyPrefix}* - S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName] - Effect: "Allow" Action: - "secretsmanager:GetSecretValue" - "secretsmanager:UpdateSecret" Resource: - !Ref CPDSecret - !Ref AWSCredentialSecret - !Ref OpenshiftSecret - Effect: "Allow" Action: "s3:ListBucket" Resource: !Sub arn:aws:s3:::${ICPDDeploymentLogsBucketName} - Effect: "Allow" Action: "s3:PutObject" Resource: !Sub arn:aws:s3:::${ICPDDeploymentLogsBucketName}/* - Effect: Allow Action: - ssm:SendCommand - ssm:PutParameter - ssm:GetParameter Resource: - '*' OpenshiftURL: Type: AWS::SSM::Parameter Properties: Name: !Sub "${AWS::StackName}-OpenshiftURL" Type: String Value: "PlaceHolder" CPDURL: Type: AWS::SSM::Parameter Properties: Name: !Sub "${AWS::StackName}-CPDURL" Type: String Value: "PlaceHolder" BootnodeInstanceProfile: Type: "AWS::IAM::InstanceProfile" Properties: Path: "/" Roles: - Ref: "BootNodeIamRole" BootnodeSecurityGroup: Type: AWS::EC2::SecurityGroup Properties: GroupDescription: Cluster Bootnode Security Group SecurityGroupIngress: - IpProtocol: tcp FromPort: 22 ToPort: 22 CidrIp: !Ref BootNodeAccessCIDR VpcId: !Ref VPCID AWSCredentialSecret: Type: "AWS::SecretsManager::Secret" Properties: SecretString: !Sub - '{"aws_secret_access_key":"${CPDIAMUserAccessKey}, "aws_access_key_id":"${CPDIAMUserSecret}"}' - {CPDIAMUserAccessKey: !Ref CPDIAMUserAccessKey, CPDIAMUserSecret: !GetAtt [CPDIAMUserAccessKey, SecretAccessKey]} BootnodeInstance: Type: AWS::EC2::Instance Metadata: AWS::CloudFormation::Init: configSets: Required: - StackPropertiesFile StackPropertiesFile: files: /root/mystack.props: content: !Sub | AWS_REGION=${AWS::Region} AWS_STACKID="${AWS::StackId}" AWS_STACKNAME="${AWS::StackName}" /root/.aws/config: content: !Sub | [default] region=${AWS::Region} /root/.aws/credentials: content: !Sub - | [default] aws_access_key_id=${CPDIAMUserAccessKey} aws_secret_access_key=${CPDIAMUserSecret} - CPDIAMUserAccessKey: !Ref CPDIAMUserAccessKey CPDIAMUserSecret: !GetAtt [CPDIAMUserAccessKey, SecretAccessKey] Properties: KeyName: !Ref 'KeyPairName' ImageId: !FindInMap [AWSAMIRegionMap, !Ref "AWS::Region", RHEL76HVM] BlockDeviceMappings: - DeviceName: /dev/sda1 Ebs: VolumeSize: 500 VolumeType: gp2 IamInstanceProfile: !Ref BootnodeInstanceProfile Tags: - Key: Name Value: BootNode InstanceType: i3.large NetworkInterfaces: - GroupSet: - !Ref BootnodeSecurityGroup AssociatePublicIpAddress: true DeviceIndex: '0' DeleteOnTermination: true SubnetId: !Ref PublicSubnet1ID UserData: Fn::Base64: !Sub - | #!/bin/bash -x yum install -y git yum install -y wget yum install -y unzip yum install -y python3 git clone https://github.com/aws-quickstart/quickstart-linux-utilities.git export P=/quickstart-linux-utilities/quickstart-cfn-tools.source source $P qs_bootstrap_pip || qs_err " pip bootstrap failed " qs_aws-cfn-bootstrap || qs_err "cfn bootstrap failed" pip install awscli &> /var/log/userdata.awscli_install.log || qs_err " awscli install failed " /usr/bin/cfn-init -v --stack ${AWS::StackName} --resource BootnodeInstance --configsets Required --region ${AWS::Region} export CPD_QS_S3URI=s3://${QSS3BucketName}/${QSS3KeyPrefix} export AWS_REGION=${AWS::Region} export AWS_STACKID=${AWS::StackId} export AWS_STACKNAME=${AWS::StackName} export AMI_ID='${AMI_ID}' export CPD_SECRET='${CPDSecret}' export OCP_SECRET='${OpenshiftSecret}' export ICPDArchiveBucket='${ICPDArchiveBucket}' export EFSID='${EFSID}' export EFSDNSName='${EFSDNSName}' export ICPDInstallationCompletedURL='${ICPDInstallationCompletedHandle}' mkdir -p /quickstart mkdir -p /ibm aws s3 cp ${!CPD_QS_S3URI}scripts/bootstrap.sh /quickstart/ chmod +x /quickstart/bootstrap.sh ./quickstart/bootstrap.sh - AMI_ID: !FindInMap [AWSAMIRegionMap, !Ref "AWS::Region", COREOS] ICPDArchiveBucket: !FindInMap [AWSRegionS3Bucket, !Ref "AWS::Region", ICPDArchiveBucket] EFSID: !If [CreateEFS, !GetAtt ClusterSharedStorage.Outputs.EFSFileSystemId, ""] EFSDNSName: !If [CreateEFS, !GetAtt ClusterSharedStorage.Outputs.EFSDNSName,""] CleanUpLambda: Type: AWS::Lambda::Function Properties: Code: ZipFile: | import boto3 import json import cfnresponse import os import traceback import time def handler(event, context): responseData = {} try: print("event_obj:",json.dumps(event)) print(event['RequestType']) if event['RequestType'] == 'Delete': print("Run unsubscribe script") ssm = boto3.client('ssm',region_name=os.environ['Region']) instanceID = os.environ['BootNode'] storage = os.environ['Storage'] stackname = os.environ['StackName'] print(instanceID) response = ssm.send_command(Targets=[{"Key":"instanceids","Values":[instanceID]}], DocumentName="AWS-RunShellScript", Parameters={"commands":["/ibm/destroy.sh %s %s" %(storage,stackname)], "executionTimeout":["1200"], "workingDirectory":["/ibm"]}, Comment="Execute script in uninstall openshift", TimeoutSeconds=120) print(response) current_status = "WAIT" final_status = "READY" parameterName = stackname+"_CleanupStatus" response = ssm.put_parameter(Name=parameterName, Description="Waiting for CleanupStatus to be READY", Value=current_status, Type='String', Overwrite=True) print(response) while(current_status!=final_status): time.sleep(30) response = ssm.get_parameter(Name=parameterName) parameter = response.get('Parameter') current_status = parameter.get('Value') print(current_status) ssm.delete_parameter(Name=parameterName) except Exception as e: print(e) traceback.print_exc() cfnresponse.send(event, context, cfnresponse.SUCCESS, {}, '') Environment: Variables: Region: !Ref AWS::Region BootNode: !Ref BootnodeInstance Storage: !Ref StorageType StackName: !Ref AWS::StackName Handler: index.handler Role: !GetAtt 'LambdaExecutionRole.Arn' Runtime: python3.8 Timeout: 600 Cleanup : Type: Custom::Cleanup Properties: DependsOn: BootnodeInstance ServiceToken: !GetAtt 'CleanUpLambda.Arn' ICPDInstallationCompletedHandle: Type: AWS::CloudFormation::WaitConditionHandle ICPDInstallationCompleted: Type: AWS::CloudFormation::WaitCondition Properties: Count: 1 Handle: !Ref ICPDInstallationCompletedHandle Timeout: '30000' Outputs: BootnodeInstanceId: Description: Bootnode Instance ID. Value: !Ref BootnodeInstance BootnodePublicIp: Description: The boot node public IP address. Value: !GetAtt BootnodeInstance.PublicIp OpenshiftURLValue: Description: The URL for the OpenShift UI. Value: !GetAtt OpenshiftURL.Value ICPDWebClientURL : Description: CloudPak for Data web client URL. Value: !GetAtt CPDURL.Value OpenshiftPassword: Description: OpenShift password secret. Value: !Ref OpenshiftSecret