mirror of https://github.com/OpenVidu/openvidu.git
deployment: Use IMDSv2 in aws deployments
parent
4face2e556
commit
aac79ef80f
|
@ -194,6 +194,16 @@ Conditions:
|
||||||
|
|
||||||
Resources:
|
Resources:
|
||||||
|
|
||||||
|
LaunchTemplate:
|
||||||
|
Type: AWS::EC2::LaunchTemplate
|
||||||
|
Properties:
|
||||||
|
LaunchTemplateName: IMDSV2
|
||||||
|
LaunchTemplateData:
|
||||||
|
MetadataOptions:
|
||||||
|
HttpEndpoint: enabled
|
||||||
|
HttpPutResponseHopLimit: 1
|
||||||
|
HttpTokens: required
|
||||||
|
|
||||||
OpenviduServer:
|
OpenviduServer:
|
||||||
Type: 'AWS::EC2::Instance'
|
Type: 'AWS::EC2::Instance'
|
||||||
Metadata:
|
Metadata:
|
||||||
|
@ -210,7 +220,8 @@ Resources:
|
||||||
INXDB_MEASUREMENT=server
|
INXDB_MEASUREMENT=server
|
||||||
|
|
||||||
OV_VERSION=OPENVIDU_VERSION
|
OV_VERSION=OPENVIDU_VERSION
|
||||||
EC2_AVAIL_ZONE=$(curl -s http://169.254.169.254/latest/meta-data/placement/availability-zone)
|
TOKEN=$(curl -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600")
|
||||||
|
EC2_AVAIL_ZONE=$(curl -s -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/placement/availability-zone)
|
||||||
EC2_REGION=$(echo "$EC2_AVAIL_ZONE" | sed 's/[a-z]$//')
|
EC2_REGION=$(echo "$EC2_AVAIL_ZONE" | sed 's/[a-z]$//')
|
||||||
|
|
||||||
curl -i -XPOST "http://$INXDB_URL:8086/write?db=$INXDB_DB" \
|
curl -i -XPOST "http://$INXDB_URL:8086/write?db=$INXDB_DB" \
|
||||||
|
@ -246,7 +257,8 @@ Resources:
|
||||||
sed -i "s/DOMAIN_OR_PUBLIC_IP=/DOMAIN_OR_PUBLIC_IP=${PublicElasticIP}/" $WORKINGDIR/.env
|
sed -i "s/DOMAIN_OR_PUBLIC_IP=/DOMAIN_OR_PUBLIC_IP=${PublicElasticIP}/" $WORKINGDIR/.env
|
||||||
else
|
else
|
||||||
[ ! -d "/usr/share/openvidu" ] && mkdir -p /usr/share/openvidu
|
[ ! -d "/usr/share/openvidu" ] && mkdir -p /usr/share/openvidu
|
||||||
PublicHostname=$(curl http://169.254.169.254/latest/meta-data/public-hostname)
|
TOKEN=$(curl -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600")
|
||||||
|
PublicHostname=$(curl -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/public-hostname)
|
||||||
sed -i "s/DOMAIN_OR_PUBLIC_IP=/DOMAIN_OR_PUBLIC_IP=$PublicHostname/" $WORKINGDIR/.env
|
sed -i "s/DOMAIN_OR_PUBLIC_IP=/DOMAIN_OR_PUBLIC_IP=$PublicHostname/" $WORKINGDIR/.env
|
||||||
echo $PublicHostname > /usr/share/openvidu/old-host-name
|
echo $PublicHostname > /usr/share/openvidu/old-host-name
|
||||||
fi
|
fi
|
||||||
|
@ -279,7 +291,8 @@ Resources:
|
||||||
|
|
||||||
# Get new amazon URL
|
# Get new amazon URL
|
||||||
OldPublicHostname=$(cat /usr/share/openvidu/old-host-name)
|
OldPublicHostname=$(cat /usr/share/openvidu/old-host-name)
|
||||||
PublicHostname=$(curl http://169.254.169.254/latest/meta-data/public-hostname)
|
TOKEN=$(curl -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600")
|
||||||
|
PublicHostname=$(curl -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/public-hostname)
|
||||||
sed -i "s/$OldPublicHostname/$PublicHostname/" $WORKINGDIR/.env
|
sed -i "s/$OldPublicHostname/$PublicHostname/" $WORKINGDIR/.env
|
||||||
echo $PublicHostname > /usr/share/openvidu/old-host-name
|
echo $PublicHostname > /usr/share/openvidu/old-host-name
|
||||||
|
|
||||||
|
@ -292,6 +305,9 @@ Resources:
|
||||||
group: "root"
|
group: "root"
|
||||||
Properties:
|
Properties:
|
||||||
ImageId: !GetAtt CloudformationLambdaInvoke.ImageId
|
ImageId: !GetAtt CloudformationLambdaInvoke.ImageId
|
||||||
|
LaunchTemplate:
|
||||||
|
LaunchTemplateName: IMDSV2
|
||||||
|
Version: 1
|
||||||
InstanceType: !Ref InstanceType
|
InstanceType: !Ref InstanceType
|
||||||
SecurityGroups:
|
SecurityGroups:
|
||||||
- !Ref WebServerSecurityGroup
|
- !Ref WebServerSecurityGroup
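Review bot: The instance binds to the new launch template through fixed strings, `LaunchTemplateName: IMDSV2` and `Version: 1` in the `@ -292` hunk, instead of referencing the `LaunchTemplate` resource added in the `@ -194` hunk. A literal name gives CloudFormation no dependency between the two resources, so creation order is not guaranteed. Launch template names are also unique per account and region, so a second stack in the same region cannot create its own `IMDSV2` template; the `@ -547` hunk in the last section reuses the same literal name. Pinning version 1 means a later change to `MetadataOptions` produces a new template version that this instance never picks up. I would drop the fixed name (or build it from `AWS::StackName`, as the ASG launch templates on this page do) and reference the resource with `LaunchTemplateId: !Ref LaunchTemplate` and `Version: !GetAtt LaunchTemplate.LatestVersionNumber`.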
|
||||||
|
|
|
@ -732,6 +732,10 @@ Resources:
|
||||||
Properties:
|
Properties:
|
||||||
LaunchTemplateName: !Join [ "-", [ !Ref 'AWS::StackName', 'ASGMediaNodeLaunchTemplate'] ]
|
LaunchTemplateName: !Join [ "-", [ !Ref 'AWS::StackName', 'ASGMediaNodeLaunchTemplate'] ]
|
||||||
LaunchTemplateData:
|
LaunchTemplateData:
|
||||||
|
MetadataOptions:
|
||||||
|
HttpEndpoint: enabled
|
||||||
|
HttpPutResponseHopLimit: 1
|
||||||
|
HttpTokens: required
|
||||||
SecurityGroupIds:
|
SecurityGroupIds:
|
||||||
- !GetAtt MediaNodeSecurityGroup.GroupId
|
- !GetAtt MediaNodeSecurityGroup.GroupId
|
||||||
ImageId: !GetAtt LambdaOnCreateInvoke.MediaNodeImageId
|
ImageId: !GetAtt LambdaOnCreateInvoke.MediaNodeImageId
|
||||||
|
@ -987,6 +991,10 @@ Resources:
|
||||||
Properties:
|
Properties:
|
||||||
LaunchTemplateName: !Join [ "-", [ !Ref 'AWS::StackName', 'ASGMasterNodeLaunchConfiguration'] ]
|
LaunchTemplateName: !Join [ "-", [ !Ref 'AWS::StackName', 'ASGMasterNodeLaunchConfiguration'] ]
|
||||||
LaunchTemplateData:
|
LaunchTemplateData:
|
||||||
|
MetadataOptions:
|
||||||
|
HttpEndpoint: enabled
|
||||||
|
HttpPutResponseHopLimit: 1
|
||||||
|
HttpTokens: required
|
||||||
SecurityGroupIds:
|
SecurityGroupIds:
|
||||||
- !GetAtt OpenViduSecurityGroup.GroupId
|
- !GetAtt OpenViduSecurityGroup.GroupId
|
||||||
IamInstanceProfile:
|
IamInstanceProfile:
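Review bot: The `MetadataOptions` block added to both ASG launch templates (`@ -732` and `@ -987`) has no comment explaining the choice of `HttpPutResponseHopLimit: 1`. With a hop limit of 1 the token response cannot cross an extra network hop, so a process in a bridge-networked container on these nodes cannot obtain an IMDSv2 token. That is the tighter setting, but whether any component on the media or master nodes reads instance metadata from inside such a container is not visible here and should be confirmed. I would add above each block: `# IMDSv2 only (HttpTokens: required); hop limit 1 keeps token responses on the instance, so bridged containers cannot query IMDS`.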
|
||||||
|
|
|
@ -131,6 +131,7 @@ Resources:
|
||||||
#!/bin/bash -x
|
#!/bin/bash -x
|
||||||
|
|
||||||
WORKINGDIR=/opt/openvidu
|
WORKINGDIR=/opt/openvidu
|
||||||
|
TOKEN=$(curl -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600")
|
||||||
ASG_DATA=$(curl -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/user-data)
|
ASG_DATA=$(curl -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/user-data)
|
||||||
AWS_AVAIL_ZONE=`curl -s http://169.254.169.254/latest/meta-data/placement/availability-zone`
|
AWS_AVAIL_ZONE=`curl -s http://169.254.169.254/latest/meta-data/placement/availability-zone`
|
||||||
AWS_REGION="`echo \"$AWS_AVAIL_ZONE\" | sed 's/[a-z]$//'`"
|
AWS_REGION="`echo \"$AWS_AVAIL_ZONE\" | sed 's/[a-z]$//'`"
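Review bot: The `AWS_AVAIL_ZONE` lookup directly below the new `TOKEN` assignment still calls the metadata endpoint without the `X-aws-ec2-metadata-token` header. If this script runs on instances launched from the templates that now set `HttpTokens: required`, that request is rejected. Because `curl -s` without `-f` still exits 0, `AWS_REGION` is then derived from whatever the error response body holds. Add `-H "X-aws-ec2-metadata-token: $TOKEN"` to that call, as the `ASG_DATA` line already does, and consider `-f` so a rejected request fails visibly. The script continues outside the hunk, so any further metadata calls there need the same check.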
|
||||||
|
|
|
@ -547,6 +547,16 @@ Resources:
|
||||||
UpdateReplacePolicy: Retain
|
UpdateReplacePolicy: Retain
|
||||||
Condition: CreateS3Bucket
|
Condition: CreateS3Bucket
|
||||||
|
|
||||||
|
LaunchTemplate:
|
||||||
|
Type: AWS::EC2::LaunchTemplate
|
||||||
|
Properties:
|
||||||
|
LaunchTemplateName: IMDSV2
|
||||||
|
LaunchTemplateData:
|
||||||
|
MetadataOptions:
|
||||||
|
HttpEndpoint: enabled
|
||||||
|
HttpPutResponseHopLimit: 1
|
||||||
|
HttpTokens: required
|
||||||
|
|
||||||
OpenViduServer:
|
OpenViduServer:
|
||||||
Type: AWS::EC2::Instance
|
Type: AWS::EC2::Instance
|
||||||
Metadata:
|
Metadata:
|
||||||
|
@ -573,6 +583,7 @@ Resources:
|
||||||
#!/bin/bash -xe
|
#!/bin/bash -xe
|
||||||
|
|
||||||
WORKINGDIR=/opt/openvidu
|
WORKINGDIR=/opt/openvidu
|
||||||
|
TOKEN=$(curl -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600")
|
||||||
|
|
||||||
# Pro License
|
# Pro License
|
||||||
sed -i "s/OPENVIDU_PRO_LICENSE=/OPENVIDU_PRO_LICENSE=${OpenViduLicense}/" $WORKINGDIR/.env
|
sed -i "s/OPENVIDU_PRO_LICENSE=/OPENVIDU_PRO_LICENSE=${OpenViduLicense}/" $WORKINGDIR/.env
|
||||||
|
@ -590,7 +601,7 @@ Resources:
|
||||||
sed -i "s/DOMAIN_OR_PUBLIC_IP=/DOMAIN_OR_PUBLIC_IP=${PublicElasticIP}/" $WORKINGDIR/.env
|
sed -i "s/DOMAIN_OR_PUBLIC_IP=/DOMAIN_OR_PUBLIC_IP=${PublicElasticIP}/" $WORKINGDIR/.env
|
||||||
else
|
else
|
||||||
[ ! -d "/usr/share/openvidu" ] && mkdir -p /usr/share/openvidu
|
[ ! -d "/usr/share/openvidu" ] && mkdir -p /usr/share/openvidu
|
||||||
PublicHostname=$(curl http://169.254.169.254/latest/meta-data/public-hostname)
|
PublicHostname=$(curl -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/public-hostname)
|
||||||
sed -i "s/DOMAIN_OR_PUBLIC_IP=/DOMAIN_OR_PUBLIC_IP=$PublicHostname/" $WORKINGDIR/.env
|
sed -i "s/DOMAIN_OR_PUBLIC_IP=/DOMAIN_OR_PUBLIC_IP=$PublicHostname/" $WORKINGDIR/.env
|
||||||
echo $PublicHostname > /usr/share/openvidu/old-host-name
|
echo $PublicHostname > /usr/share/openvidu/old-host-name
|
||||||
fi
|
fi
|
||||||
|
@ -623,7 +634,7 @@ Resources:
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Replace vars AWS
|
# Replace vars AWS
|
||||||
INSTANCE_ID=$(curl http://169.254.169.254/latest/meta-data/instance-id)
|
INSTANCE_ID=$(curl -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/instance-id)
|
||||||
sed -i "s/#AWS_DEFAULT_REGION=/AWS_DEFAULT_REGION=${AWS::Region}/" $WORKINGDIR/.env
|
sed -i "s/#AWS_DEFAULT_REGION=/AWS_DEFAULT_REGION=${AWS::Region}/" $WORKINGDIR/.env
|
||||||
sed -i "s/#AWS_IMAGE_ID=/AWS_IMAGE_ID=${kmsAmi}/" $WORKINGDIR/.env
|
sed -i "s/#AWS_IMAGE_ID=/AWS_IMAGE_ID=${kmsAmi}/" $WORKINGDIR/.env
|
||||||
sed -i "s/#AWS_INSTANCE_TYPE=/AWS_INSTANCE_TYPE=${AwsInstanceTypeKMS}/" $WORKINGDIR/.env
|
sed -i "s/#AWS_INSTANCE_TYPE=/AWS_INSTANCE_TYPE=${AwsInstanceTypeKMS}/" $WORKINGDIR/.env
|
||||||
|
@ -695,7 +706,8 @@ Resources:
|
||||||
|
|
||||||
# Get new amazon URL
|
# Get new amazon URL
|
||||||
OldPublicHostname=$(cat /usr/share/openvidu/old-host-name)
|
OldPublicHostname=$(cat /usr/share/openvidu/old-host-name)
|
||||||
PublicHostname=$(curl http://169.254.169.254/latest/meta-data/public-hostname)
|
TOKEN=$(curl -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600")
|
||||||
|
PublicHostname=$(curl -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/public-hostname)
|
||||||
sed -i "s/$OldPublicHostname/$PublicHostname/" $WORKINGDIR/.env
|
sed -i "s/$OldPublicHostname/$PublicHostname/" $WORKINGDIR/.env
|
||||||
echo $PublicHostname > /usr/share/openvidu/old-host-name
|
echo $PublicHostname > /usr/share/openvidu/old-host-name
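Review bot: Nothing in this section's hunks attaches the new `LaunchTemplate` resource (`@ -547`) to the `OpenViduServer` instance; the first section adds a `LaunchTemplate:` entry under the instance `Properties`, but no matching hunk appears here. Unless that reference exists outside the visible hunks, the template is created but unused and the instance keeps whatever metadata options the AMI or account defaults give it, which may still accept IMDSv1 requests. The instance needs a `LaunchTemplate:` property pointing at the resource, preferably `LaunchTemplateId: !Ref LaunchTemplate` with `Version: !GetAtt LaunchTemplate.LatestVersionNumber` rather than a literal name. Separately, the `TOKEN` requests ask for the maximum TTL of 21600 seconds in a script run with `bash -xe`, so the token value lands in the trace output; a TTL of a few minutes covers what these scripts do.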
|
||||||
|
|
||||||
|
|