peterkh / cumulus Goto Github PK

View Code? Open in Web Editor NEW

206.0 20.0 40.0 158 KB

Helps manage AWS CloudFormation stacks

License: Other

Python 100.00%

cumulus's Introduction

Cumulus

Helps manage AWS CloudFormation stacks

Build status

News

2014-07-01

Added colour cloudformation event status output via 'highlight-output' setting in YAML.

highlight-output: true

2014-04-17

You can now insert PyStache {{}} style variables to import environment variables.

  stack:
    ami_id: {{AMIID}}

  AMID=ami-1q23123123 cumulus -y example_stack.yaml -a create

would be seen by cloudformation with the ami id of ami-1q23123123

2013-09-06

You can now define stack level tags using the tags directive in the YaML file, like:

tags:
  tag1: value
  tag2: value

tags can be specified both at root level and sub-stack level. tags at root level are applied to all sub-stacks and duplicate sub-stack tags will override root level tags

You can use the directive disable: true in any sub-stack to prevent it from being created/updated/deleted

The problem

Amazon CloudFormation (CF) allows you to instantiate multiple AWS resources in a repeatable, ordered and structured method. As our infrastructure grew, so did our CF templates and soon they were monolothic and complex to maintain. We looked at spliting these templates into smaller chunks, which worked as a short term solution but created a new problem. With multiple templates dependant on other declared resources, we were forced to manually pass parameters for inter-stack operability. This greatly affected the repeatability of our stacks as we did not have an easy method to keep track of what parameters were used, especially those relating to physical resource IDs.

The solution

Cumulus attempts to solve the problem by introducing a layer above CF templates, a stack configuration YAML file. This allows multiple CF stacks to be created in order and maintained respecting their dependencies. The YAML file stores values for parameters to be passed into each of the stacks. Parameters can be assigned with static values or will source the value of a parameter, output or resource of another stack described in the YAML file. Cumulus actively translates reference values to physical resource values on creation of the stack.

Current state / known issues

For our use, Cumulus can create, update and delete stacks reliably but is still very much in an Alpha state. We're looking forward to see how you use Cumulus, and please submit pull requests for any issues you may encounter or for feature requests :)

This is my first real python project, so I'm sure the code can be, just generally better...

Known issues:

Templates are passed in as a JSON string to CF, this will break large templates

Roadmap:

Implement a way of displaying meaningful diffs during update runs
Add support for using S3/Externally hosted templates
Support larger templates

How to get started

Clone the repo somewhere:

$ git clone git://github.com/peterkh/cumulus.git

Install Cumulus with setuptools:

$ sudo python setup.py install

Make sure you have AWS credentials set up for boto (the library used by Cumulus to interact with AWS). Set the following environment variables:

AWS_ACCESS_KEY_ID - Your AWS Access Key ID

AWS_SECRET_ACCESS_KEY - Your AWS Secret Access Key

or create a boto config file as described here, covering some other helpful boto-related settings.

Creating the example stack

Common sense warning: Running this example will create real resources in AWS and will cost you AWS credits / money / magic beans.

I have included an example stack in the examples/ dir. It consists of three files:

cumulus_example_stack.yaml: The Cumulus yaml file for the stack. Creates a stack out of the following two templates in ap-southeast-2 (Sydney region)
vpc_layer.json: CF template to creates a VPC, base subnet and ACL
instance_layer.json: CF template to create an instance inside a given VPC

The template files are complete and work independently of Cumulus. Cumulus's purpose in life is just to make managing them easier.

To create the example stack, change into the examples/ dir and run:

$ cumulus -y cumulus_example_stack.yaml -a create

Cumulus will print out CF messages as it builds.

You can then try modifying the template and/or the values of the parameters and then update the stack:

$ cumulus -y cumulus_example_stack.yaml -a update

Once you have finished experimenting, you can delete as follows:

$ cumulus -y cumulus_example_stack.yaml -a delete

General usage

cumulus -h
usage: cumulus [-h] -y YAMLFILE -a ACTION [-l LOGLEVEL] [-L BOTOLOGLEVEL]
               [-s STACKNAME]

optional arguments:
  -h, --help            show this help message and exit
  -y YAMLFILE, --yamlfile YAMLFILE
                        The yaml file to read the VPC mega stack configuration
                        from
  -a ACTION, --action ACTION
                        The action to perform: create, check, update, delete
                        or watch
  -l LOGLEVEL, --log LOGLEVEL
                        Log Level for output messages, CRITICAL, ERROR,
                        WARNING, INFO or DEBUG
  -L BOTOLOGLEVEL, --botolog BOTOLOGLEVEL
                        Log Level for boto, CRITICAL, ERROR, WARNING, INFO or
                        DEBUG
  -s STACKNAME, --stack STACKNAME
                        The stack name, used with the watch action, ignored
                        for other actions

YAML file format

Have a look at examples/cumulus_example_stack.yaml for a commented version of the yaml file.

All sections are required at the moment, even if they are blank (i.e. depends, params). depends also needs to be empty or an array, even if the stack has only one dependency.

cumulus's People

Contributors

Stargazers

Watchers

cumulus's Issues

Secret parameters

Hi Guys, Love the work so far and enjoying playing with this. Just a silly question...

With the idea that we can build infrastructure in to config files, do you have a way to put a secret in to the mix? for example a Password?

Would this have to be declared in plain text in the YAML configuration file or do you guys have a way of preventing this information leaking in to SCM when people are making configs for Cumulus use?

Many thanks in advance and keep up the good work!
Thanks,
//P

Need a 'force' argument for delete action

I'm going to be using Cumulus to execute CloudFormation templates as part of an automation workflow. The 'delete' action needs a 'force' argument to skip the question that appears to users on the command-line.

Add ability to built partial megastacks

I would like to be able to just build part of a stack sometimes for testing.

Add an option that would just build that stack and all of it's dependencies.

Handle Control-C signals

Implement Signal handling and offer to cancel the current CloudFormation activity.

Worth mentioning in the docs the other cumulus project

Hi, I just ran pip install cumulus and got this package, not the one I was expecting. It might be worth mentioning in the docs that there is another AWS related python project called cumulus.

Better boto error output by default

To keep the output clean, by default boto logging level is set to CRITICAL. but when you have a template error, cumulus doesn't tell you anything useful about why it failed to create the stack. Should be able to log more information about the error without having to increase boto's level.

Current output by default:
CRITICAL:cumulus.MegaStack:Creating stack scpnweb-pkh failed. Error: BotoServerError: 400 Bad Request

Boto logging level error:
ERROR:boto:{"Error":{"Code":"ValidationError","Message":"Template error: resource xxxx references undefined symbol: SecurityGroup.","Type":"Sender"},"RequestId":"xxxx"}
CRITICAL:cumulus.MegaStack:Creating stack scpnweb-pkh failed. Error: BotoServerError: 400 Bad Request

If the stack exists but is in a "rollbacked" state, cumulus considers it built

When doing a creating but a sub-stack exists in CF, cumulus considers it OK, and doesn't create, thus any other stacks that depend on it, fail.

Cumulus no longer accepts lists in yaml

We have yaml that looks like the following...
WebIds:
-
source : SystemsAzA
type : resource
variable : Web1
-
source : SystemsAzB
type : resource
variable : Web1

Where cumulus passes the value of WebIds to a csv parameter in a cf template

Looks like commit e199287 broke this functionality since item['value']) is being casted to string CFStack.py(109)

VpcId required when creating Instance.

Hello, relatively new at this so please let me know if I've the wrong end of the stick.

When creating a new Instance I noticed that a VpcId is required

{"Error":{"Code":"ValidationError","Message":"Parameters: [VpcId] must have values","Type":"Sender"},"RequestId":"d6dca9e2-eaa0-11e4-a596-15ee2d514b72"}

However it's not even mentioned in the AWS Cloud formation reference as a valid property. Is there another reason why cumulus is asking for the vpc id?

Secondly I found that judging by my JSON file output section:

    "Outputs": {
### truncated ###
        "VpcId": {
            "Description": "VpcId of the created VPC",
            "Value": {
                "Ref": "Dorne"
            }
        }
    },

I should be able to get the vpc id by putting the following in the yaml:

                VpcId:
                    source: HdVpcInSydney
                    type: output
                    variable: Dorne

However it only works if I put the following instead:

                VpcId:
                    source: HdVpcInSydney
                    type: output
                    variable: VpcId

Thanks, workaround available so not urgent.

Cumulus should tell you when passing string instead of array to "depends"

Following template:

default:
  region: eu-west-1
  stacks:
    networking:
      cf_template: networking.json
      depends:
    computing:
      cf_template: computing.json
      depends: networking

end up in really unhelpful error:

CRITICAL:cumulus.MegaStack:Could not resolve dependancy order. Either circular dependancy or dependancy on stack not in yaml file.

It took me almost an hour to find out that depends expects an array, not a string, which is why I think that cumulus should first check what's being passed from the YAML template (string or array) and then show helpful error if it's a string.

btw. dependancy is spelled as dependency in modern english. http://en.wiktionary.org/wiki/dependancy

[Question]: CF Templates vpn_layer, instance_layer

For those new to AWS and Cloudformation -- Where do these JSON templates come from in the first place? Are they created in AWS's CloudFormation Web UI itself?

[Question] Handling larger JSON files

The dreaded failed to satisfy constraint: Member must have length less than or equal to 51200

Has there been any thought/workflow on how cumulus might handle large templates, ie: uploading and running from s3 first?

config item named: s3-cfn-bucket-name and s3-cfn-path
boolean option for use-s3-templates
create/update first uploads/syncs cfn-template.json to s3://s3-cfn-bucket-name/s3-cfn-path/
executes CFN against s3://s3-cfn-bucket-name/s3-cfn-path/cfn-template.json

Non-urgent - Some advice from AWS which may be of some use

Hey Guys,

Again thanks for this awesome project - having a lot of fun working with it! I have been having so much fun that I hit my stack limit on AWS for cloudformation...

After filling in the form and asking AWS to raise my limit I got this lovely bit of information back from them:

"Please keep in mind, that when you have above 20 stacks you should not use the DescribeStacks API without a stack name. Instead use ListStacks http://docs.amazonwebservices.com/AWSCloudFormation/latest/APIReference/API... because it is efficient. When called, DescribeStacks without a stack name will attempt to retrieve all stacks in that account and drastically impact performance; which is why we don't recommend its use."

I noticed that you guys are using DescribeStacks in your code and thought this information might be of some use to you! ;-) disregard if not :-P

Again Many Thanks!
//P

throws error saying "No updates are to be performed." when there are No updates are to be performed and stops the other stacks from being updated

i know this is an amazon problem. but i think there should be a way of ignoring errors and letting the rest of the stacks be built. ie an explicit switch to ignore errors of previous stacks.

Pros and Cons of cumulus vs AWS::CloudFormation::Stack

I am working with CloudFormation a lot these days and usually if I want to coordinate deployments between 2 stacks I just define substacks in the parent template file.

I was wondering what does Cumulus solve that substacks can't solve. I do understand that writing yaml is better than writing json though.

Cheers,

Support for boto profiles

How can AWS CloudFormation help?

Cumulus contributors and users,

Is there anything the AWS CloudFormation service could provide that can help in using and enhancing cumulus? (For example, any additional API, any update to the template format, etc.)

Sincerely,
The AWS CloudFormation Team

getting an error when running update on a non changed script

i am getting the error: ERROR:boto:400 Bad Request
ERROR:boto:{"Error":{"Code":"ValidationError","Message":"No updates are to be performed.","Type":"Sender"},"RequestId":"6ddb2bb8-6570-11e4-805d-5fd52f0eb697"}
CRITICAL:cumulus.MegaStack:Unknown error updating stack: BotoServerError: 400 Bad Request
{"Error":{"Code":"ValidationError","Message":"No updates are to be performed.","Type":"Sender"},"RequestId":"6ddb2bb8-6570-11e4-805d-5fd52f0eb697"}

well obviously there are No updates are to be performed. but this really shouldn't be an error

Ability to disable rollback

It would be great if there could be an option to disable rollback. I think all that is needed is to change this code at MegaStack.py:167:

                self.cfconn.create_stack(
                    stack_name=stack.cf_stack_name,
                    template_body=stack.template_body,
                    parameters=stack.get_params_tuples(),
                    capabilities=['CAPABILITY_IAM'],
                    notification_arns=stack.sns_topic_arn,
                    tags=stack.tags**,**
                    **disable_rollback=True**
                )

.... Although I'm aware that it would be best to have this set as an option on the command line, which I haven't quite worked out how to do yet.

Tom

Using TemplateURL

This is a really great tool - thanks so much for creating it!

We're coming up against the maximum template size that Amazon allows to be uploaded. I believe that a way round this is to upload to s3 and specify a template URL. Do you have any plans to support this in Cumulus?

Thanks in advance!

Tom

Please add licensing information to the repo

Please add a LICENCE.txt or similar to the repo, to clarify licensing situation for potential external contributors.