# @summary Declares one AWS environment (VPC, zones, server roles, services,
#   database servers, S3 buckets, tags and policies) from a single description.
#
# Every parameter is handed unchanged to define_environment_resources(), which
# turns the description into a list of resource groups; each group is then
# declared with create_resources(). Puppet replaces a parameter's default
# wholesale when the caller supplies a value, so a partial $network or $zones
# hash drops the remaining defaults shown below rather than merging with them.
#
# @param ensure Passed through to define_environment_resources(); defaults to present.
# @param region AWS region the environment is built in.
# @param vpc VPC name, defaulting to the resource title. Not referenced in this body.
# @param network VPC settings: cidr, availability zone suffixes, non-standard routes
#   in the form "{cidr}|{target type}|{target-name}", and the DNS hostname /
#   DNS resolution flags.
# @param zones Up to three zones ('public', 'nat', 'private') describing how
#   subnets route to the outside world; only 'public' is active by default.
# @param server_roles Passed through unchanged.
# @param services Passed through unchanged.
# @param db_servers Passed through unchanged.
# @param s3 Passed through unchanged.
# @param tags Passed through unchanged.
# @param policies Passed through unchanged.
define doatools::environment (
  $ensure       = present,
  $region       = 'us-east-1',
  $vpc          = $name,
  $network      = {
    cidr           => '192.168.0.0/24',   # CIDR block of the VPC
    availability   => ['a', 'b', 'c'],    # availability zone suffixes to build in
    routes         => [],                 # extra routes, "{cidr}|{target type}|{target-name}"
    dns_hostnames  => false,              # set true to enable DNS hostnames
    dns_resolution => true,               # set false to disable DNS resolution
  },
  $zones        = {
    # Up to three zones may be defined. A zone decides how its subnets reach the
    # outside world; isolation between servers is the job of security groups,
    # not zones.
    #
    # public: subnets receive public IP addresses and route via the internet gateway.
    'public' => {
      # ipaddr_weighting => 1,
      # format           => '%{vpc}%{az}pub',
      # routes           => [],   # replaces the network routes for this zone
      # extra_routes     => [],   # added on top of the network routes
    },
    # nat: subnets have private addresses only and route via NAT gateways, one
    # gateway per address in nat_ipaddr; nat subnets without their own gateway
    # are routed via another subnet. Instances in a nat zone cannot be given a
    # public IP address.
    # 'nat' => {
    #   ipaddr_weighting => 1,
    #   format           => '%{vpc}%{az}nat',
    #   nat_ipaddr       => [],
    #   routes           => [],   # replaces the network routes for this zone
    #   extra_routes     => [],   # added on top of the network routes
    # },
    # private: subnets do not route to the internet. A route to the internet
    # gateway plus an elastic IP on a server can be added as a temporary measure.
    # 'private' => {
    #   ipaddr_weighting => 1,
    #   format           => '%{vpc}%{az}pri',
    #   routes           => [],   # replaces the network routes for this zone
    #   extra_routes     => [],   # added on top of the network routes
    # },
  },
  $server_roles = {},
  $services     = {},
  $db_servers   = {},
  $s3           = {},
  $tags         = {},
  $policies     = {},
  # Hiera-driven defaults, not wired up:
  # $region  = lookup('environment::region',  Data, 'first', 'us-east-1'),
  # $network = lookup('environment::network', Data, 'first', {}),
  # $roles   = lookup('environment::roles',   Data, 'first', {}),
  # $ensure  = lookup('environment::ensure',  Data, 'first', present)
) {
  # Each element of the returned list carries a 'resource_type' and a
  # 'resources' hash keyed by resource title.
  $resource_groups = define_environment_resources(
    $name,
    $ensure,
    $region,
    $network,
    $zones,
    $server_roles,
    $services,
    $db_servers,
    $s3,
    $tags,
    $policies,
  )

  $resource_groups.each |$group| {
    $res_type   = $group['resource_type']
    $res_titles = $group['resources'].keys
    info("declaring resources: ${res_type} ${res_titles}")
    debug($group['resources'])
    # Empty defaults hash: every resource carries its own attributes.
    create_resources($res_type, $group['resources'], {})
  }
}