AWS Advent 2014 – SparkleFormation: Build infrastructure with CloudFormation without losing your sanity.
Today’s post on taming CloudFormation with SparkleFormation, comes to us from Cameron Johnston of Heavy Water Operations.
The source code for this post can be found at https://github.com/hw-labs/sparkleformation-starter-kit
Introduction
This article assumes some familiarity with CloudFormation concepts such as stack parameters, resources, mappings and outputs. See the AWS Advent CloudFormation Primer for an introduction.
Although CloudFormation templates are billed as reusable, many users will attest that as these monolithic JSON documents grow larger, they become “all encompassing JSON file[s] of darkness,” and actually reusing code between templates becomes a frustrating copypasta exercise.
From another perspective these JSON documents are actually just hashes, and with a minimal DSL we can build these hashes programmatically. SparkleFormation provides a Ruby DSL for merging and compiling hashes into CFN templates, and helpers which invoke CloudFormation’s intrinsic functions (e.g. Ref, Attr, Join, Map).
SparkleFormation’s DSL implementation is intentionally loose, imposing little of its own opinion on how your template should be constructed. Provided you are already familiar with CloudFormation template concepts and some minimal ammount of Ruby, the rest is merging hashes.
Templates
Just as with CloudFormation, the template is the high-level object. In SparkleFormation we instantiate a new template like so:
|
1 |
<span class="pl-s3">SparkleFormation</span>.<span class="pl-k">new</span>(<span class="pl-c1">:foo</span>) |
But an empty template isn’t going to help us much, so let’s step into it and at least insert the requiredAWSTemplateFormatVersion specification:
|
1 2 3 |
<span class="pl-s3">SparkleFormation</span>.<span class="pl-k">new</span>(<span class="pl-c1">:foo</span>) <span class="pl-k">do</span> _set(<span class="pl-s1"><span class="pl-pds">'</span>AWSTemplateFormatVersion<span class="pl-pds">'</span></span>, <span class="pl-s1"><span class="pl-pds">'</span>2010-09-09<span class="pl-pds">'</span></span>) <span class="pl-k">end</span> |
In the above case we use the _set helper method because we are setting a top-level key with a string value. When we are working with hashes we can use a block syntax, as shown here adding a parameter to the top-level Parametershash that CloudFormation expects:
|
1 2 3 4 5 6 7 8 9 10 |
SparkleFormation.new(:foo) do _set('AWSTemplateFormatVersion', '2010-09-09') parameters(:food) do type 'String' description 'what do you want to eat?' allowed_values %w( tacos nachos hotdogs ) end end |
Reusability
SparkleFormation provides primatives to help you build templates out of reusable code, namely:
- Components
- Dynamics
- Registries
Components
Here’s a component we’ll name environment which defines our allowed environment parameter values:
|
1 2 3 4 5 6 7 8 |
<span class="pl-s3">SparkleFormation</span>.build <span class="pl-k">do</span> _set(<span class="pl-s1"><span class="pl-pds">'</span>AWSTemplateFormatVersion<span class="pl-pds">'</span></span>, <span class="pl-s1"><span class="pl-pds">'</span>2010-09-09<span class="pl-pds">'</span></span>) parameters(<span class="pl-c1">:environment</span>) <span class="pl-k">do</span> type <span class="pl-s1"><span class="pl-pds">'</span>String<span class="pl-pds">'</span></span> default <span class="pl-s1"><span class="pl-pds">'</span>test<span class="pl-pds">'</span></span> allowed_values <span class="pl-s1"><span class="pl-pds">%w(</span> test staging production <span class="pl-pds">)</span></span> <span class="pl-k">end</span> <span class="pl-k">end</span> |
Resources, parameters and other CloudFormation configuration written into a SparkleFormation component are statically inserted into any templates using the load method. Now all our stack templates can reuse the same component so updating the list of environments across our entire infrastructure becomes a snap. Once a template has loaded a component, it can then step into the configuration provided by the component to make modifications.
In this template example we load the environment component (above) and override the allowed values for the environment parameter the component provides:
|
1 2 3 4 5 |
<span class="pl-s3">SparkleFormation</span>.<span class="pl-k">new</span>(<span class="pl-c1">:perpetual_beta</span>).load(<span class="pl-c1">:environment</span>).overrides <span class="pl-k">do</span> parameters(<span class="pl-c1">:environment</span>) <span class="pl-k">do</span> allowed_values <span class="pl-s1"><span class="pl-pds">%w(</span> test staging <span class="pl-pds">)</span></span> <span class="pl-k">end</span> <span class="pl-k">end</span> |
Dynamics
Where as components are loaded once at the instantiation of a SparkleFormation template, dynamics are inserted one or more times throughout a template. They iteratively generate unique resources based on the name and optional configuration they are passed when inserted.
In this example we insert a launch_config dynamic and pass it a config object containing a run list:
|
1 2 3 4 5 6 7 |
SparkleFormation.new('zookeeper').load(:base).overrides do dynamic!(:launch_config, 'zookeeper', :run_list => ['role[zookeeperd]']) ... end |
The launch_config dynamic (not pictured) can then use intrisic functions like Fn::Join to insert data passed in the config deep inside a launch configuration, as in this case where we want our template to tell Chef what our run list should be.
Registries
Similar to dynamics, a registry entry can be inserted at any point in a SparkleFormation template or dynamic. e.g. a registry entry can be used to share the same metadata between both AWS::AutoScaling::LaunchConfiguration and AWS::EC2::Instance resources.
Translating a ghost of AWS Advent past
This JSON template from a previous AWS Advent article provisions a single EC2 instance into an existing VPC subnet and security group:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 |
{ <span class="pl-s1"><span class="pl-pds">"</span>AWSTemplateFormatVersion<span class="pl-pds">"</span></span> <span class="pl-k">:</span> <span class="pl-s1"><span class="pl-pds">"</span>2010-09-09<span class="pl-pds">"</span></span>, <span class="pl-s1"><span class="pl-pds">"</span>Description<span class="pl-pds">"</span></span> <span class="pl-k">:</span> <span class="pl-s1"><span class="pl-pds">"</span>make an instance, based on region, ami, subnet, and security group<span class="pl-pds">"</span></span>, <span class="pl-s1"><span class="pl-pds">"</span>Parameters<span class="pl-pds">"</span></span> <span class="pl-k">:</span> { <span class="pl-s1"><span class="pl-pds">"</span>KeyName<span class="pl-pds">"</span></span> <span class="pl-k">:</span> { <span class="pl-s1"><span class="pl-pds">"</span>Description<span class="pl-pds">"</span></span> <span class="pl-k">:</span> <span class="pl-s1"><span class="pl-pds">"</span>Name of an existing EC2 KeyPair to enable SSH access to the instance<span class="pl-pds">"</span></span>, <span class="pl-s1"><span class="pl-pds">"</span>Type<span class="pl-pds">"</span></span> <span class="pl-k">:</span> <span class="pl-s1"><span class="pl-pds">"</span>String<span class="pl-pds">"</span></span> }, <span class="pl-s1"><span class="pl-pds">"</span>VpcId<span class="pl-pds">"</span></span> <span class="pl-k">:</span> { <span class="pl-s1"><span class="pl-pds">"</span>Type<span class="pl-pds">"</span></span> <span class="pl-k">:</span> <span class="pl-s1"><span class="pl-pds">"</span>String<span class="pl-pds">"</span></span>, <span class="pl-s1"><span class="pl-pds">"</span>Description<span class="pl-pds">"</span></span> <span class="pl-k">:</span> <span class="pl-s1"><span class="pl-pds">"</span>VpcId of your existing Virtual Private Cloud (VPC)<span class="pl-pds">"</span></span> }, <span class="pl-s1"><span class="pl-pds">"</span>SubnetId<span class="pl-pds">"</span></span> <span class="pl-k">:</span> { <span class="pl-s1"><span class="pl-pds">"</span>Type<span class="pl-pds">"</span></span> <span class="pl-k">:</span> <span class="pl-s1"><span class="pl-pds">"</span>String<span class="pl-pds">"</span></span>, <span class="pl-s1"><span class="pl-pds">"</span>Description<span class="pl-pds">"</span></span> <span class="pl-k">:</span> <span class="pl-s1"><span class="pl-pds">"</span>SubnetId of an existing subnet in your Virtual Private Cloud (VPC)<span class="pl-pds">"</span></span> }, <span class="pl-s1"><span class="pl-pds">"</span>AmiId<span class="pl-pds">"</span></span> <span class="pl-k">:</span> { <span class="pl-s1"><span class="pl-pds">"</span>Type<span class="pl-pds">"</span></span> <span class="pl-k">:</span> <span class="pl-s1"><span class="pl-pds">"</span>String<span class="pl-pds">"</span></span>, <span class="pl-s1"><span class="pl-pds">"</span>Description<span class="pl-pds">"</span></span> <span class="pl-k">:</span> <span class="pl-s1"><span class="pl-pds">"</span>AMI to use<span class="pl-pds">"</span></span> }, <span class="pl-s1"><span class="pl-pds">"</span>SecurityGroupId<span class="pl-pds">"</span></span><span class="pl-k">:</span> { <span class="pl-s1"><span class="pl-pds">"</span>Type<span class="pl-pds">"</span></span> <span class="pl-k">:</span> <span class="pl-s1"><span class="pl-pds">"</span>String<span class="pl-pds">"</span></span>, <span class="pl-s1"><span class="pl-pds">"</span>Description<span class="pl-pds">"</span></span> <span class="pl-k">:</span> <span class="pl-s1"><span class="pl-pds">"</span>SecurityGroup to use<span class="pl-pds">"</span></span> } }, <span class="pl-s1"><span class="pl-pds">"</span>Resources<span class="pl-pds">"</span></span> <span class="pl-k">:</span> { <span class="pl-s1"><span class="pl-pds">"</span>Ec2Instance<span class="pl-pds">"</span></span> <span class="pl-k">:</span> { <span class="pl-s1"><span class="pl-pds">"</span>Type<span class="pl-pds">"</span></span> <span class="pl-k">:</span> <span class="pl-s1"><span class="pl-pds">"</span>AWS::EC2::Instance<span class="pl-pds">"</span></span>, <span class="pl-s1"><span class="pl-pds">"</span>Properties<span class="pl-pds">"</span></span> <span class="pl-k">:</span> { <span class="pl-s1"><span class="pl-pds">"</span>ImageId<span class="pl-pds">"</span></span> <span class="pl-k">:</span> { <span class="pl-s1"><span class="pl-pds">"</span>Ref<span class="pl-pds">"</span></span> <span class="pl-k">:</span> <span class="pl-s1"><span class="pl-pds">"</span>AmiId<span class="pl-pds">"</span></span> }, <span class="pl-s1"><span class="pl-pds">"</span>SecurityGroupIds<span class="pl-pds">"</span></span> <span class="pl-k">:</span> [{ <span class="pl-s1"><span class="pl-pds">"</span>Ref<span class="pl-pds">"</span></span> <span class="pl-k">:</span> <span class="pl-s1"><span class="pl-pds">"</span>SecurityGroupId<span class="pl-pds">"</span></span> }], <span class="pl-s1"><span class="pl-pds">"</span>SubnetId<span class="pl-pds">"</span></span> <span class="pl-k">:</span> { <span class="pl-s1"><span class="pl-pds">"</span>Ref<span class="pl-pds">"</span></span> <span class="pl-k">:</span> <span class="pl-s1"><span class="pl-pds">"</span>SubnetId<span class="pl-pds">"</span></span> }, <span class="pl-s1"><span class="pl-pds">"</span>KeyName<span class="pl-pds">"</span></span> <span class="pl-k">:</span> { <span class="pl-s1"><span class="pl-pds">"</span>Ref<span class="pl-pds">"</span></span> <span class="pl-k">:</span> <span class="pl-s1"><span class="pl-pds">"</span>KeyName<span class="pl-pds">"</span></span> }, <span class="pl-s1"><span class="pl-pds">"</span>UserData<span class="pl-pds">"</span></span> <span class="pl-k">:</span> { <span class="pl-s1"><span class="pl-pds">"</span>Fn::Base64<span class="pl-pds">"</span></span> <span class="pl-k">:</span> { <span class="pl-s1"><span class="pl-pds">"</span>Fn::Join<span class="pl-pds">"</span></span> <span class="pl-k">:</span> [<span class="pl-s1"><span class="pl-pds">"</span><span class="pl-pds">"</span></span>, [ <span class="pl-s1"><span class="pl-pds">"</span>#!/bin/bash -v<span class="pl-cce">n</span><span class="pl-pds">"</span></span>, <span class="pl-s1"><span class="pl-pds">"</span>curl <a href="http://aprivatebucket.s3.amazonaws.com/bootstrap.sh">http://aprivatebucket.s3.amazonaws.com/bootstrap.sh</a> -o /tmp/bootstrap.sh<span class="pl-cce">n</span><span class="pl-pds">"</span></span>, <span class="pl-s1"><span class="pl-pds">"</span>bash /tmp/bootstrap.sh<span class="pl-cce">n</span><span class="pl-pds">"</span></span>, <span class="pl-s1"><span class="pl-pds">"</span># If all went well, signal success<span class="pl-cce">n</span><span class="pl-pds">"</span></span>, <span class="pl-s1"><span class="pl-pds">"</span>cfn-signal -e $? -r 'Chef Server configuration'<span class="pl-cce">n</span><span class="pl-pds">"</span></span> ]]}} } } }, <span class="pl-s1"><span class="pl-pds">"</span>Outputs<span class="pl-pds">"</span></span> <span class="pl-k">:</span> { <span class="pl-s1"><span class="pl-pds">"</span>InstanceId<span class="pl-pds">"</span></span> <span class="pl-k">:</span> { <span class="pl-s1"><span class="pl-pds">"</span>Value<span class="pl-pds">"</span></span> <span class="pl-k">:</span> { <span class="pl-s1"><span class="pl-pds">"</span>Ref<span class="pl-pds">"</span></span> <span class="pl-k">:</span> <span class="pl-s1"><span class="pl-pds">"</span>Ec2Instance<span class="pl-pds">"</span></span> }, <span class="pl-s1"><span class="pl-pds">"</span>Description<span class="pl-pds">"</span></span> <span class="pl-k">:</span> <span class="pl-s1"><span class="pl-pds">"</span>Instance Id of newly created instance<span class="pl-pds">"</span></span> }, <span class="pl-s1"><span class="pl-pds">"</span>Subnet<span class="pl-pds">"</span></span> <span class="pl-k">:</span> { <span class="pl-s1"><span class="pl-pds">"</span>Value<span class="pl-pds">"</span></span> <span class="pl-k">:</span> { <span class="pl-s1"><span class="pl-pds">"</span>Ref<span class="pl-pds">"</span></span> <span class="pl-k">:</span> <span class="pl-s1"><span class="pl-pds">"</span>SubnetId<span class="pl-pds">"</span></span> }, <span class="pl-s1"><span class="pl-pds">"</span>Description<span class="pl-pds">"</span></span> <span class="pl-k">:</span> <span class="pl-s1"><span class="pl-pds">"</span>Subnet of instance<span class="pl-pds">"</span></span> }, <span class="pl-s1"><span class="pl-pds">"</span>SecurityGroupId<span class="pl-pds">"</span></span> <span class="pl-k">:</span> { <span class="pl-s1"><span class="pl-pds">"</span>Value<span class="pl-pds">"</span></span> <span class="pl-k">:</span> { <span class="pl-s1"><span class="pl-pds">"</span>Ref<span class="pl-pds">"</span></span> <span class="pl-k">:</span> <span class="pl-s1"><span class="pl-pds">"</span>SecurityGroupId<span class="pl-pds">"</span></span> }, <span class="pl-s1"><span class="pl-pds">"</span>Description<span class="pl-pds">"</span></span> <span class="pl-k">:</span> <span class="pl-s1"><span class="pl-pds">"</span>Security Group of instance<span class="pl-pds">"</span></span> } } } |
Not terrible, but the JSON is a little hard on the eyes. Here’s the same thing in Ruby, using SparkleFormation:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 |
<span class="pl-s3">SparkleFormation</span>.<span class="pl-k">new</span>(<span class="pl-c1">:vpc_instance</span>).<span class="pl-k">new</span> <span class="pl-k">do</span> set!(<span class="pl-s1"><span class="pl-pds">'</span>AWSTemplateFormatVersion<span class="pl-pds">'</span></span> <span class="pl-s1"><span class="pl-pds">'</span>2010-09-09<span class="pl-pds">'</span></span>) description <span class="pl-s1"><span class="pl-pds">'</span>make an instance, based on region, ami, subnet, and security group<span class="pl-pds">'</span></span> parameters <span class="pl-k">do</span> key_name <span class="pl-k">do</span> type <span class="pl-s1"><span class="pl-pds">'</span>String<span class="pl-pds">'</span></span> description <span class="pl-s1"><span class="pl-pds">'</span>Name of an existing EC2 KeyPair to enable SSH access to the instance<span class="pl-pds">'</span></span> <span class="pl-k">end</span> vpc_id <span class="pl-k">do</span> type <span class="pl-s1"><span class="pl-pds">'</span>String<span class="pl-pds">'</span></span> description <span class="pl-s1"><span class="pl-pds">'</span>VpcId of your existing Virtual Private Cloud (VPC)<span class="pl-pds">'</span></span> <span class="pl-k">end</span> subnet_id <span class="pl-k">do</span> type <span class="pl-s1"><span class="pl-pds">'</span>String<span class="pl-pds">'</span></span> description <span class="pl-s1"><span class="pl-pds">'</span>SubnetId of an existing subnet in your Virtual Private Cloud (VPC)<span class="pl-pds">'</span></span> <span class="pl-k">end</span> ami_id <span class="pl-k">do</span> type <span class="pl-s1"><span class="pl-pds">'</span>String<span class="pl-pds">'</span></span> description <span class="pl-s1"><span class="pl-pds">'</span>AMI to use<span class="pl-pds">'</span></span> <span class="pl-k">end</span> security_group_id <span class="pl-k">do</span> type <span class="pl-s1"><span class="pl-pds">'</span>String<span class="pl-pds">'</span></span> description <span class="pl-s1"><span class="pl-pds">'</span>SecurityGroup to use<span class="pl-pds">'</span></span> <span class="pl-k">end</span> <span class="pl-k">end</span> resources(<span class="pl-c1">:ec2_instance</span>) <span class="pl-k">do</span> type <span class="pl-s1"><span class="pl-pds">'</span>AWS::EC2::Instance<span class="pl-pds">'</span></span> properties <span class="pl-k">do</span> image_id ref!(<span class="pl-c1">:ami_id</span>) security_group_ids [ref!(<span class="pl-c1">:security_group_id</span>)] subnet_id ref!(<span class="pl-c1">:subnet_id</span>) key_name ref!(<span class="pl-c1">:key_name</span>) user_data base64!( join!( <span class="pl-s1"><span class="pl-pds">"</span>#!/bin/bash -v<span class="pl-cce">n</span><span class="pl-pds">"</span></span>, <span class="pl-s1"><span class="pl-pds">"</span>curl <a href="http://aprivatebucket.s3.amazonaws.com/bootstrap.sh">http://aprivatebucket.s3.amazonaws.com/bootstrap.sh</a> -o /tmp/bootstrap.sh<span class="pl-cce">n</span><span class="pl-pds">"</span></span>, <span class="pl-s1"><span class="pl-pds">"</span>bash /tmp/bootstrap.sh<span class="pl-cce">n</span><span class="pl-pds">"</span></span>, <span class="pl-s1"><span class="pl-pds">"</span># If all went well, signal success<span class="pl-cce">n</span><span class="pl-pds">"</span></span>, <span class="pl-s1"><span class="pl-pds">"</span>cfn-signal -e $? -r 'Chef Server configuration'<span class="pl-cce">n</span><span class="pl-pds">"</span></span> ) ) <span class="pl-k">end</span> <span class="pl-k">end</span> outputs <span class="pl-k">do</span> instance_id <span class="pl-k">do</span> description <span class="pl-s1"><span class="pl-pds">'</span>Instance Id of newly created instance<span class="pl-pds">'</span></span> value ref!(<span class="pl-c1">:instance_id</span>) <span class="pl-k">end</span> subnet <span class="pl-k">do</span> description <span class="pl-s1"><span class="pl-pds">'</span>Subnet of instance<span class="pl-pds">'</span></span> value ref!(<span class="pl-c1">:subnet_id</span>) <span class="pl-k">end</span> security_group_id <span class="pl-k">do</span> description <span class="pl-s1"><span class="pl-pds">'</span>Security group of instance<span class="pl-pds">'</span></span> value ref!(<span class="pl-c1">:security_group_id</span>) <span class="pl-k">end</span> <span class="pl-k">end</span> <span class="pl-k">end</span> |
Without taking advantage of any of SparkleFormation’s special capabilities, this translation is already a few lines shorter and easier to read as well. That’s a good start, but we can do better.
The template format version specification and parameters required for this template are common to any stack where EC2 compute resources may be used, whether they be single EC2 instances or Auto Scaling Groups, so lets take advantage of some SparkleFormation features to make them reusable.
Here we have a base component that inserts the common parameters into templates which load it:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 |
<span class="pl-s3">SparkleFormation</span>.build <span class="pl-k">do</span> set!(<span class="pl-s1"><span class="pl-pds">'</span>AWSTemplateFormatVersion<span class="pl-pds">'</span></span>, <span class="pl-s1"><span class="pl-pds">'</span>2010-09-09<span class="pl-pds">'</span></span>) parameters <span class="pl-k">do</span> key_name <span class="pl-k">do</span> type <span class="pl-s1"><span class="pl-pds">'</span>String<span class="pl-pds">'</span></span> description <span class="pl-s1"><span class="pl-pds">'</span>Name of and existing EC2 KeyPair to enable SSH access to the instance<span class="pl-pds">'</span></span> <span class="pl-k">end</span> vpc_id <span class="pl-k">do</span> type <span class="pl-s1"><span class="pl-pds">'</span>String<span class="pl-pds">'</span></span> description <span class="pl-s1"><span class="pl-pds">'</span>VpcId of your existing Virtual Private Cloud (VPC)<span class="pl-pds">'</span></span> <span class="pl-k">end</span> subnet_id <span class="pl-k">do</span> type <span class="pl-s1"><span class="pl-pds">'</span>String<span class="pl-pds">'</span></span> description <span class="pl-s1"><span class="pl-pds">'</span>SubnetId of an existing subnet in your Virtual Private Cloud (VPC)<span class="pl-pds">'</span></span> <span class="pl-k">end</span> ami_id <span class="pl-k">do</span> type <span class="pl-s1"><span class="pl-pds">'</span>String<span class="pl-pds">'</span></span> description <span class="pl-s1"><span class="pl-pds">'</span>AMI You want to use<span class="pl-pds">'</span></span> <span class="pl-k">end</span> security_group_id <span class="pl-k">do</span> type <span class="pl-s1"><span class="pl-pds">'</span>String<span class="pl-pds">'</span></span> description <span class="pl-s1"><span class="pl-pds">'</span>SecurityGroup to use<span class="pl-pds">'</span></span> <span class="pl-k">end</span> <span class="pl-k">end</span> outputs <span class="pl-k">do</span> subnet <span class="pl-k">do</span> description <span class="pl-s1"><span class="pl-pds">'</span>Subnet of instance<span class="pl-pds">'</span></span> value ref!(<span class="pl-c1">:subnet_id</span>) <span class="pl-k">end</span> security_group_id <span class="pl-k">do</span> description <span class="pl-s1"><span class="pl-pds">'</span>Security group of instance<span class="pl-pds">'</span></span> value ref!(<span class="pl-c1">:security_group_id</span>) <span class="pl-k">end</span> <span class="pl-k">end</span> <span class="pl-k">end</span> |
Now that the template version and common parameters have moved into the new base component, we can make use of them by loading that component as we instantiate our new template, specifying that the template will override any pieces of the component where the two intersect.
Let’s update the SparkleFormation template to make use of the new base component:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 |
<span class="pl-s3">SparkleFormation</span>.<span class="pl-k">new</span>(<span class="pl-c1">:vpc_instance</span>).load(<span class="pl-c1">:base</span>).overrides <span class="pl-k">do</span> description <span class="pl-s1"><span class="pl-pds">'</span>make an instance, based on region, ami, subnet, and security group<span class="pl-pds">'</span></span> resources(<span class="pl-c1">:ec2_instance</span>) <span class="pl-k">do</span> type <span class="pl-s1"><span class="pl-pds">'</span>AWS::EC2::Instance<span class="pl-pds">'</span></span> properties <span class="pl-k">do</span> image_id ref!(<span class="pl-c1">:ami_id</span>) security_group_ids [ref!(<span class="pl-c1">:security_group_id</span>)] subnet_id ref!(<span class="pl-c1">:subnet_id</span>) key_name ref!(<span class="pl-c1">:key_name</span>) user_data base64!( join!( <span class="pl-s1"><span class="pl-pds">"</span>#!/bin/bash -v<span class="pl-cce">n</span><span class="pl-pds">"</span></span>, <span class="pl-s1"><span class="pl-pds">"</span>curl <a href="http://aprivatebucket.s3.amazonaws.com/bootstrap.sh">http://aprivatebucket.s3.amazonaws.com/bootstrap.sh</a> -o /tmp/bootstrap.sh<span class="pl-cce">n</span><span class="pl-pds">"</span></span>, <span class="pl-s1"><span class="pl-pds">"</span>bash /tmp/bootstrap.sh<span class="pl-cce">n</span><span class="pl-pds">"</span></span>, <span class="pl-s1"><span class="pl-pds">"</span># If all went well, signal success<span class="pl-cce">n</span><span class="pl-pds">"</span></span>, <span class="pl-s1"><span class="pl-pds">"</span>cfn-signal -e $? -r 'Chef Server configuration'<span class="pl-cce">n</span><span class="pl-pds">"</span></span> ) ) <span class="pl-k">end</span> <span class="pl-k">end</span> outputs <span class="pl-k">do</span> instance_id <span class="pl-k">do</span> description <span class="pl-s1"><span class="pl-pds">'</span>Instance Id of newly created instance<span class="pl-pds">'</span></span> value ref!(<span class="pl-c1">:instance_id</span>) <span class="pl-k">end</span> <span class="pl-k">end</span> <span class="pl-k">end</span> |
Because the basecomponent includes the parameters we need, the template no longer explicitly describes them.
Advanced tips and tricks
Since SparkleFormation is Ruby, we can get a little fancy. Let’s say we want to build 3 subnets into an existing VPC. If we know the VPC’s /16 subnet we can provide it as an environment variable (export VPC_SUBNET="10.1.0.0/16"), and then call that variable in a template that generates additional subnets:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 |
<span class="pl-s3">SparkleFormation</span>.build <span class="pl-k">do</span> set!(<span class="pl-s1"><span class="pl-pds">'</span>AWSTemplateFormatVersion<span class="pl-pds">'</span></span>, <span class="pl-s1"><span class="pl-pds">'</span>2010-09-09<span class="pl-pds">'</span></span>) octets <span class="pl-k">=</span> <span class="pl-vo">ENV</span>[<span class="pl-s1"><span class="pl-pds">'</span>VPC_SUBNET].split(<span class="pl-pds">'</span></span>.<span class="pl-s1"><span class="pl-pds">'</span>).slice(0,2).join(<span class="pl-pds">'</span></span>.<span class="pl-s1"><span class="pl-pds">'</span>)</span> <span class="pl-s1"></span> <span class="pl-s1"> subnets = %w(1 2 3)</span> <span class="pl-s1"></span> <span class="pl-s1"> parameters(:vpc_id) do</span> <span class="pl-s1"> type <span class="pl-pds">'</span></span><span class="pl-vo">String</span><span class="pl-s1">'</span> <span class="pl-s1"> description <span class="pl-pds">'</span></span><span class="pl-vo">Existing</span> <span class="pl-vo">VPC</span> <span class="pl-vo">ID</span><span class="pl-s1">'</span> <span class="pl-s1"> end</span> <span class="pl-s1"></span> <span class="pl-s1"> parameters(:route_table_id) do</span> <span class="pl-s1"> type <span class="pl-pds">'</span></span><span class="pl-vo">String</span><span class="pl-s1">'</span> <span class="pl-s1"> description <span class="pl-pds">'</span></span><span class="pl-vo">Existing</span> <span class="pl-vo">VPC</span> <span class="pl-vo">Route</span> <span class="pl-vo">Table</span><span class="pl-s1">'</span> <span class="pl-s1"> end</span> <span class="pl-s1"></span> <span class="pl-s1"> subnets.each do |subnet|</span> <span class="pl-s1"> resources("vpc_subnet_#{subnet}".to_sym) do</span> <span class="pl-s1"> type <span class="pl-pds">'</span></span><span class="pl-s3">AWS</span>::<span class="pl-s3">EC2</span>::<span class="pl-vo">Subnet</span><span class="pl-s1">'</span> <span class="pl-s1"> properties do</span> <span class="pl-s1"> vpc_id ref!(:vpc_id)</span> <span class="pl-s1"> cidr_block octets + <span class="pl-pds">'</span></span>.<span class="pl-s1"><span class="pl-pds">'</span> + subnet + <span class="pl-pds">'</span></span>.<span class="pl-c1">0</span><span class="pl-k">/</span><span class="pl-c1">24</span><span class="pl-s1">'</span> <span class="pl-s1"> availability_zone <span class="pl-pds">'</span></span>us<span class="pl-k">-</span>west<span class="pl-k">-</span>2a<span class="pl-s1">'</span> <span class="pl-s1"> end</span> <span class="pl-s1"> end</span> <span class="pl-s1"></span> <span class="pl-s1"> resources("vpc_subnet_route_table_association_#{subnet}".to_sym) do</span> <span class="pl-s1"> type <span class="pl-pds">'</span></span><span class="pl-s3">AWS</span>::<span class="pl-s3">EC2</span>::<span class="pl-vo">SubnetRouteTableAssociation</span><span class="pl-s1">'</span> <span class="pl-s1"> properties do</span> <span class="pl-s1"> route_table_id ref!(:route_table_id)</span> <span class="pl-s1"> subnet_id ref!("vpc_subnet_#{subnet}".to_sym)</span> <span class="pl-s1"> end</span> <span class="pl-s1"> end</span> <span class="pl-s1">end</span> |
Of course we could place the subnet and route table association resources into a dynamic, so that we could just call the dynamic with some config:
|
1 2 3 |
subnets.each <span class="pl-k">do </span>|<span class="pl-vo">subnet</span>| dynamic!(<span class="pl-c1">:vpc_subnet</span>, subnet, subnet_cidr => octets <span class="pl-k">+</span> <span class="pl-s1"><span class="pl-pds">'</span>.<span class="pl-pds">'</span></span> <span class="pl-k">+</span> subnet <span class="pl-k">+</span> <span class="pl-s1"><span class="pl-pds">'</span>.0/24<span class="pl-pds">'</span></span>) <span class="pl-k">end</span> |
Okay, this all sounds great! But how do I operate it?
SparkleFormation by itself does not implement any means of sending its output to the CloudFormation API. In this simple case, a SparkleFormation template named ec2_example.rb is output to JSON which you can use with CloudFormation as usual:
|
1 2 3 4 5 6 |
<span class="pl-k">require</span> <span class="pl-s1"><span class="pl-pds">'</span>sparkle_formation<span class="pl-pds">'</span></span> <span class="pl-k">require</span> <span class="pl-s1"><span class="pl-pds">'</span>json<span class="pl-pds">'</span></span> puts <span class="pl-s3">JSON</span>.pretty_generate( <span class="pl-s3">SparkleFormation</span>.compile(<span class="pl-s1"><span class="pl-pds">'</span>ec2_example.rb<span class="pl-pds">'</span></span>) ) |
The knife-cloudformation plugin for Chef’s knife command adds sub-commands for creating, updating, inspecting and destroying CloudFormation stacks described by SparkleFormation code or plain JSON templates. Using knife-cloudformation does not require Chef to be part of your toolchain, it simply leverages knife as an execution platform.
Advent readers may recall a previous article on strategies for reusable CloudFormation templates which advocates a “layer cake” approach to deploying infrastructure using CloudFormation stacks:
The overall approach is that your templates should have sufficient parameters and outputs to be re-usable across environments like dev, stage, qa, or prod and that each layer’s template builds on the next.
Of course this is all well and good, until we find ourselves, once again, copying and pasting. This time its stack outputs instead of JSON, but again, we can do better.
The recent 0.2.0 release of knife-cloudformation adds a new --apply-stack parameter which makes operating “layer cake” infrastructure much easier.
When passed one or more instances of --apply-stack STACKNAME, knife-cloudformation will cache the outputs of the named stack and use the values of those outputs as the default values for parameters of the same name in the stack you are creating.
For example, a stack “coolapp-elb” which provisions an ELB and an associated security group has been configured with the following outputs:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 |
$ knife cloudformation describe coolapp-elb Resources <span class="pl-k">for</span> <span class="pl-vo">stack</span>: coolapp-elb Updated Logical Id Type Status Status Reason 2014-11-17 22:54:28 UTC CoolappElb AWS::ElasticLoadBalancing::LoadBalancer CREATE_COMPLETE 2014-11-17 22:54:47 UTC CoolappElbSecurityGroup AWS::EC2::SecurityGroup CREATE_COMPLETE Outputs <span class="pl-k">for</span> <span class="pl-vo">stack</span>: coolapp-elb Elb Dns: coolapp-elb-25352800.us-east-1.elb.amazonaws.com Elb Name: coolapp-elb Elb Security Group: coolapp-elb-CoolappElbSecurityGroup-JSR4RUT66Z66 |
The values from the ElbName and ElbSecurityGroup would be of use to us in attaching an app server auto scaling group to this ELB, and we could use those values automatically by setting parameter names in the app server template which match the ELB stack’s output names:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 |
<span class="pl-s3">SparkleFormation</span>.<span class="pl-k">new</span>(<span class="pl-c1">:coolapp_asg</span>) <span class="pl-k">do</span> parameters(<span class="pl-c1">:elb_name</span>) <span class="pl-k">do</span> type <span class="pl-s1"><span class="pl-pds">'</span>String<span class="pl-pds">'</span></span> <span class="pl-k">end</span> parameters(<span class="pl-c1">:elb_security_group</span>) <span class="pl-k">do</span> type <span class="pl-s1"><span class="pl-pds">'</span>String<span class="pl-pds">'</span></span> <span class="pl-k">end</span> ... <span class="pl-k">end</span> |
Once our coolapp_asg template uses parameter names that match the output names from the coolapp-elb stack, we can deploy the app server layer “on top” of the ELB layer using --apply-stack:
|
1 |
$ knife cloudformation create coolapp-asg --apply-stack coolapp-elb |
Similarly, if we use a SparkleFormation template to build our VPC, we can set a number of VPC outputs that will be useful when building stacks inside the VPC:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 |
outputs <span class="pl-k">do</span> vpc_id <span class="pl-k">do</span> description <span class="pl-s1"><span class="pl-pds">'</span>VPC ID<span class="pl-pds">'</span></span> value ref!(<span class="pl-c1">:vpc_id</span>) <span class="pl-k">end</span> subnet_id <span class="pl-k">do</span> description <span class="pl-s1"><span class="pl-pds">'</span>VPC Subnet ID<span class="pl-pds">'</span></span> value ref!(<span class="pl-c1">:subnet_id</span>) <span class="pl-k">end</span> route_table_id <span class="pl-k">do</span> description <span class="pl-s1"><span class="pl-pds">'</span>VPC Route Table<span class="pl-pds">'</span></span> value ref!(<span class="pl-c1">:route_table</span>) <span class="pl-k">end</span> <span class="pl-k">end</span> |
This ‘apply stack’ approach is just the latest way in which the SparkleFormation tool chain can help you keep your sanity when building infrastructure with CloudFormation.
Further reading
I hope this brief tour of SparkleFormation’s capabilities has piqued your interest. For some AWS users, the combination of SparkleFormation and knife-cloudformation helps to address a real pain point in the infrastructure-as-code tool chain, easing the development and operation of layered infrastructure.
Here’s some additional material to help you get started:
- SparkleFormation documentation – more detailed discussion of the concepts introduced here, and mmore!
- SparkleFormation starter kit – an example repository containing some basic templates for deploying a VPC and an EC2 instance inside that VPC.
- Sean Porter’s SparkleFormation ignite talk from DevOpsDays Vancouver 2014