Merge pull request #32 from awslabs/develop

Merge develop with v0.0.21 release

Author: dougalb

CHANGELOG.rst

@@ -2,6 +2,13 @@
 CHANGELOG
 =========
 
+0.0.21
+=======
+* feature:``cfncluster``: Support for dedicated tenancy
+* feature:``cfncluster``: Support for customer provided KMS keys (EBS and ephemeral)
+* updates:``ami``: Pulled latest CentOS6 errata
+* feature:``cfncluster``: Support for M4 instances
+
 0.0.20
 ======
 * feature:``cfncluster``: Support for D2 instances

amis.txt

@@ -1,9 +1,10 @@
-us-west-2 ami-39d1fb09
-eu-central-1 ami-36eed22b
-sa-east-1 ami-19890c04
-ap-northeast-1 ami-e051abe0
-eu-west-1 ami-6f305018
-us-east-1 ami-f07f4598
-us-west-1 ami-a703e1e3
-ap-southeast-2 ami-4709747d
-ap-southeast-1 ami-d88bb98a
+us-west-2 ami-b7bb8387
+eu-central-1 ami-9886bf85
+sa-east-1 ami-853fbf98
+ap-northeast-1 ami-10aa7310
+eu-west-1 ami-5d6d132a
+us-east-1 ami-77fe0b1c
+us-west-1 ami-036f8547
+ap-southeast-2 ami-8d6b10b7
+ap-southeast-1 ami-b2d7ede0
+us-gov-west-1 ami-3d82e21e

bootstrap/src/scripts/boot_as_master

@@ -68,9 +68,9 @@ dev=$(stat /dev/disk/by-ebs-volumeid/${cfn_volume}|grep -- 'File:'|awk '{print $
 fs_type=$(blkid -o list /dev/$dev | grep -- "$dev" | awk '{print $2}')
 if [ "${fs_type}x" == "x" ]; then
   mkfs.xfs /dev/disk/by-ebs-volumeid/${cfn_volume} || RC=1
+  fs_type="xfs"
   sleep 5
 fi
-fs_type=$(blkid -o list | grep -- "$dev" | awk '{print $2}')
 echo "/dev/disk/by-ebs-volumeid/${cfn_volume} ${cfn_shared_dir} $fs_type noatime,nodiratime,_netdev 0 0" >> /etc/fstab
 mkdir -p ${cfn_shared_dir} || RC=1
 mount -v ${cfn_shared_dir} || RC=1

bootstrap/src/scripts/functions.shlib

@@ -111,7 +111,17 @@ function setup_ephemeral_drives () {
       mkfs -q /dev/ram1 1024 || RC=1
       mkdir -p /root/keystore || RC=1
       mount /dev/ram1 /root/keystore || RC=1
-      dd if=/dev/urandom of=/root/keystore/keyfile bs=1024 count=4 || RC=1
+      if [ "${cfn_ephemeral_kms_key_id}" != "NONE" ]; then
+        # Use KMS for keyfile
+        instanceId=$(curl -fs http://169.254.169.254/latest/meta-data/instance-id)
+        kms_array=($(aws --region ${cfn_region} kms generate-data-key --key-id ${cfn_ephemeral_kms_key_id} --number-of-bytes 1024 --encryption-context InstanceId=${instanceId} --output text))
+        echo -n ${kms_array[0]} > /root/keystore/keyfile || RC=1
+        echo -n ${kms_array[2]} > /root/ephemeral_ciphertext.blob || RC=1
+        chmod 0400 /root/ephemeral_ciphertext.blob || RC=1
+      else
+        # Use urandom for keyfile
+        dd if=/dev/urandom of=/root/keystore/keyfile bs=1024 count=4 || RC=1
+      fi
       chmod 0400 /root/keystore/keyfile || RC=1
       cryptsetup -q luksFormat /dev/vg.01/lv_ephemeral /root/keystore/keyfile || RC=1
       cryptsetup -d /root/keystore/keyfile luksOpen /dev/vg.01/lv_ephemeral ephemeral_luks || RC=1

cli/cfncluster/cfncluster.py

@@ -309,7 +309,8 @@ def delete(args):
                                                     aws_secret_access_key=config.aws_secret_access_key)
     try:
         cfnconn.delete_stack(stack)
-        time.sleep(5)
+        if not args.nowait:
+            time.sleep(5)
         status = cfnconn.describe_stacks(stack)[0].stack_status
         sys.stdout.write('\rStatus: %s' % status)
         sys.stdout.flush()

cli/cfncluster/cfnconfig.py

@@ -203,7 +203,8 @@ def __init__(self, args):
                                       encrypted_ephemeral=('EncryptedEphemeral',None),pre_install_args=('PreInstallArgs',None),
                                       post_install_args=('PostInstallArgs',None), s3_read_resource=('S3ReadResource',None),
                                       s3_read_write_resource=('S3ReadWriteResource',None),cwl_region=('CWLRegion',None),
-                                      cwl_log_group=('CWLLogGroup',None),shared_dir=('SharedDir',None)
+                                      cwl_log_group=('CWLLogGroup',None),shared_dir=('SharedDir',None),tenancy=('Tenancy',None),
+                                      ephemeral_kms_key_id=('EphemeralKMSKeyId',None), cluster_ready=('ClusterReadyScript','URL')
                                       )
 
         # Loop over all the cluster options and add define to parameters, raise Exception if defined but null
@@ -234,7 +235,7 @@ def __init__(self, args):
 
         # Dictionary list of all EBS options
         self.__ebs_options = dict(ebs_snapshot_id=('EBSSnapshotId','EC2Snapshot'), volume_type=('VolumeType',None),
-                                  volume_size=('VolumeSize',None),
+                                  volume_size=('VolumeSize',None), ebs_kms_key_id=('EBSKMSKeyId', None),
                                   volume_iops=('VolumeIOPS',None), encrypted=('EBSEncryption',None))
 
         try:

cli/setup.py

@@ -20,7 +20,7 @@ def read(fname):
     return open(os.path.join(os.path.dirname(__file__), fname)).read()
 
 console_scripts = ['cfncluster = cfncluster.cli:main']
-version = "0.0.20"
+version = "0.0.99"
 requires = ['boto>=2.38'] 
 
 if sys.version_info[:2] == (2, 6):

cloudformation/cfncluster.cfn.json

@@ -1,6 +1,6 @@
 {
   "AWSTemplateFormatVersion" : "2010-09-09",
-  "Description" : "AWS CloudFormation Sample Template cfncluster.cfn.json: Sample template showing an framework for deploying master + compute type clusters on AWS.  **WARNING** This template creates AWS resources. You will be billed for the AWS resources used if you create a stack from this template. Version: ami-20150415-0 cfncluster-0.0.20",
+  "Description" : "AWS CloudFormation Sample Template cfncluster.cfn.json: Sample template showing an framework for deploying master + compute type clusters on AWS.  **WARNING** This template creates AWS resources. You will be billed for the AWS resources used if you create a stack from this template. Version: ami-20150609-0 cfncluster-0.0.21",
   "Parameters" : {
     "KeyName" : {
       "Description" : "Name of an existing EC2 KeyPair to enable SSH access to the instances",
@@ -46,7 +46,12 @@
         "d2.8xlarge",
         "d2.4xlarge",
         "d2.2xlarge",
-        "d2.xlarge"
+        "d2.xlarge",
+        "m4.large",
+        "m4.xlarge",
+        "m4.2xlarge",
+        "m4.4xlarge",
+        "m4.10xlarge"
       ]
     },
     "ComputeInstanceType" : {
@@ -89,7 +94,12 @@
         "d2.8xlarge",
         "d2.4xlarge",
         "d2.2xlarge",
-        "d2.xlarge"
+        "d2.xlarge",
+        "m4.large",
+        "m4.xlarge",
+        "m4.2xlarge",
+        "m4.4xlarge",
+        "m4.10xlarge"
       ]
     },
     "InitialQueueSize" : {
@@ -358,6 +368,30 @@
       "Description" : "CloudWatch Logs LogGroup",
       "Type" : "String",
       "Default" : "NONE"
+    },
+    "Tenancy" : {
+      "Description" : "Type of placement requird in cfncluster, it can either be cluster or compute.",
+      "Type" : "String",
+      "Default" : "default",
+      "AllowedValues" : [
+        "default",
+        "dedicated"
+      ]
+    },
+    "EBSKMSKeyId" : {
+      "Description" : "KMS ARN for customer created master key, will be used for EBS encryption",
+      "Type" : "String",
+      "Default" : "NONE"
+    },
+    "EphemeralKMSKeyId" : {
+      "Description" : "KMS ARN for customer created master key, will be used for ephemeral encryption",
+      "Type" : "String",
+      "Default" : "NONE"
+    },
+    "ClusterReadyScript" : {
+      "Description" : "Cluster ready script URL. This is only on the MasterServer, when the cluster reaches CREATE_COMPLETE.",
+      "Type" : "String",
+      "Default" : "NONE"
     }
   },
   "Conditions" : {
@@ -598,6 +632,57 @@
           ]
         }
       ]
+    },
+    "UseEBSKMSKey" : {
+      "Fn::And" : [
+        {
+          "Fn::Not" : [
+            {
+              "Fn::Equals" : [
+                {
+                  "Ref" : "EBSKMSKeyId"
+                },
+                "NONE"
+              ]
+            }
+          ]
+        },
+        {
+          "Condition" : "UseEBSEncryption"
+        }
+      ]
+    },
+    "UseEphemeralKMSKey" : {
+      "Fn::And" : [
+        {
+          "Fn::Not" : [
+            {
+              "Fn::Equals" : [
+                {
+                  "Ref" : "EphemeralKMSKeyId"
+                },
+                "NONE"
+              ]
+            }
+          ]
+        },
+        {
+          "Fn::Equals" : [
+            {
+              "Ref" : "EncryptedEphemeral"
+            },
+            "true"
+          ]
+        }
+      ]
+    },
+    "UseDedicatedTenancy" : {
+      "Fn::Equals" : [
+        {
+          "Ref" : "Tenancy"
+        },
+        "dedicated"
+      ]
     }
   },
   "Mappings" : {
@@ -725,38 +810,74 @@
       "t2.medium" : {
         "Arch" : "64HVM",
         "EBSOpt" : "False"
+      },
+      "d2.8xlarge" : {
+        "Arch" : "64HVM",
+        "EBSOpt" : "True"
+      },
+      "d2.4xlarge" : {
+        "Arch" : "64HVM",
+        "EBSOpt" : "True"
+      },
+      "d2.2xlarge" : {
+        "Arch" : "64HVM",
+        "EBSOpt" : "True"
+      },
+      "d2.xlarge" : {
+        "Arch" : "64HVM",
+        "EBSOpt" : "True"
+      },
+      "m4.10xlarge" : {
+        "Arch" : "64HVM",
+        "EBSOpt" : "True"
+      },
+      "m4.4xlarge" : {
+        "Arch" : "64HVM",
+        "EBSOpt" : "True"
+      },
+      "m4.2xlarge" : {
+        "Arch" : "64HVM",
+        "EBSOpt" : "True"
+      },
+      "m4.xlarge" : {
+        "Arch" : "64HVM",
+        "EBSOpt" : "True"
+      },
+      "m4.large" : {
+        "Arch" : "64HVM",
+        "EBSOpt" : "True"
       }
     },
     "AWSRegionOS2AMI" : {
       "us-west-2" : {
-        "centos6" : "ami-39d1fb09"
+        "centos6" : "ami-b7bb8387"
       },
       "eu-central-1" : {
-        "centos6" : "ami-36eed22b"
+        "centos6" : "ami-9886bf85"
       },
       "sa-east-1" : {
-        "centos6" : "ami-19890c04"
+        "centos6" : "ami-853fbf98"
       },
       "ap-northeast-1" : {
-        "centos6" : "ami-e051abe0"
+        "centos6" : "ami-10aa7310"
       },
       "eu-west-1" : {
-        "centos6" : "ami-6f305018"
+        "centos6" : "ami-5d6d132a"
       },
       "us-east-1" : {
-        "centos6" : "ami-f07f4598"
+        "centos6" : "ami-77fe0b1c"
       },
       "us-west-1" : {
-        "centos6" : "ami-a703e1e3"
+        "centos6" : "ami-036f8547"
       },
       "ap-southeast-2" : {
-        "centos6" : "ami-4709747d"
+        "centos6" : "ami-8d6b10b7"
       },
       "ap-southeast-1" : {
-        "centos6" : "ami-d88bb98a"
+        "centos6" : "ami-b2d7ede0"
       },
       "us-gov-west-1" : {
-        "centos6" : "ami-a7f99884"
+        "centos6" : "ami-3d82e21e"
       }
     },
     "ClusterUser" : {
@@ -1374,6 +1495,9 @@
               "Ref" : "AWS::NoValue"
             }
           ]
+        },
+        "Tenancy" : {
+          "Ref" : "Tenancy"
         }
       },
       "Metadata" : {
@@ -1925,7 +2049,18 @@
             }
           ]
         },
-        "InstanceMonitoring" : "false"
+        "InstanceMonitoring" : "false",
+        "PlacementTenancy" : {
+          "Fn::If" : [
+            "UseDedicatedTenancy",
+            {
+              "Ref" : "Tenancy"
+            },
+            {
+              "Ref" : "AWS::NoValue"
+            }
+          ]
+        }
       },
       "Metadata" : {
         "Comment" : "cfncluster Compute server",
@@ -2439,6 +2574,17 @@
               "Ref" : "AWS::NoValue"
             }
           ]
+        },
+        "KmsKeyId" : {
+          "Fn::If" : [
+            "UseEBSKMSKey",
+            {
+              "Ref" : "EBSKMSKeyId"
+            },
+            {
+              "Ref" : "AWS::NoValue"
+            }
+          ]
         }
       }
     },

docs/source/ami_customization.rst

@@ -0,0 +1,36 @@
+.. _ami_customization:
+
+.. toctree::
+   :maxdepth: 2
+
+################################
+Building a custom CfnCluster AMI
+################################
+
+.. warning::
+    Building a custom AMI is not the recomended approach for customizing CfnCluster.
+
+    Once you build your own AMI, you will no longer receive updates or bug fixes with future releases of CfnCluster.  You will need to repeat the steps used to create your custom AMI with each new CfnCluster release.
+
+Before reading any further, take a look at the :doc:`pre_post_install` section of the documentation to determine if the modifications you wish to make can be scripted and supported with future CfnCluster releases
+
+While not ideal, there are a number of scenarios where building a custom AMI for CfnCluster is necessary.  This tutorial will guide you through the process.
+
+How to customize the CfnCluster AMI
+===================================
+
+The base CfnCluster AMI is often updated with new releases.  This AMI has all of the components required for CfnCluster to function installed and configured.  If you wish to customize an AMI for CfnCluster, you must start with this as the base.
+
+    #. Find the AMI which corresponds with the region you will be utilizing in the list here: https://github.com/awslabs/cfncluster/blob/master/amis.txt.  
+    #. Within the EC2 Console, choose "Launch Instance".
+    #. Navigate to "Community AMIs", and enter the AMI id for your region into the search box.
+    #. Select the AMI, choose your instance type and properties, and launch your instance.
+    #. Log into your instance using the ec2-user and your SSH key.
+    #. Customize your instance as required
+    #. Run the following command to prepare your instance for AMI creation::
+
+        sudo /usr/local/sbin/ami_cleanup.sh
+
+    #. Stop the instance
+    #. Create a new AMI from the instance
+    #. Enter the AMI id in the :ref:`custom_ami_section` field within your cluster configuration.