-
Notifications
You must be signed in to change notification settings - Fork 4
/
aws_agent_example.yml
138 lines (129 loc) · 4.7 KB
/
aws_agent_example.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
AWSTemplateFormatVersion: '2010-09-09'
Description: Example for starting a Woodpecker agent on AWS EC2
Parameters:
KeyName:
Description: Name of an existing EC2 KeyPair to enable SSH access to the instance
Type: AWS::EC2::KeyPair::KeyName
ConstraintDescription: must be the name of an existing EC2 KeyPair.
InstanceType:
Description: Agent EC2 instance type
Type: String
Default: t3a.medium
ConstraintDescription: must be a valid EC2 instance type.
VolumeSize:
Description: Size in GB for the EBS volume attached to the agent instance
Type: String
Default: '30'
WoodpeckerServer:
Description: host and port of the woodpecker server, e.g. woodpecker.example.com:443
Type: String
WoodpeckerAgentSecret:
Description: Woodpecker agent secret
Type: String
NoEcho: true
WoodpeckerGrpcSecure:
Description: Use GRPC over secure connection
Type: String
Default: 'true'
WoodpeckerAgentImage:
Description: Container image to use for woodpecker agent
Type: String
Default: 'woodpeckerci/woodpecker-agent:v2.4.1-alpine'
WoodpeckerFilterLabels:
Description: Labels for agent to pick pipeline
Type: String
Default: 'platform=linux/amd64,backend=docker,repo=*'
Mappings:
RegionMap:
eu-west-1:
IMAGEID: ami-0fe0b2cf0e1f25c8a
Resources:
WoodpeckerAgentInstance:
Type: AWS::EC2::Instance
Properties:
ImageId: !FindInMap [RegionMap, !Ref "AWS::Region", IMAGEID]
InstanceType:
Ref: InstanceType
SecurityGroups:
- Ref: WoodpeckerAgentSecurityGroup
KeyName:
Ref: KeyName
BlockDeviceMappings:
- DeviceName: /dev/xvda
Ebs:
DeleteOnTermination: 'true'
VolumeSize:
Ref: VolumeSize
VolumeType: gp2
UserData:
Fn::Base64:
!Sub |
#!/bin/bash -xe
exec > >(tee /var/log/user-data.log|logger -t user-data -s 2>/dev/console) 2>&1
export EC2USER=ec2-user
# Install docker
amazon-linux-extras install -y docker
systemctl enable docker
systemctl start docker
usermod -a -G docker $EC2USER
# Install docker-compose
curl -L https://github.com/docker/compose/releases/download/v2.10.1/docker-compose-$(uname -s)-$(uname -m) -o /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
# Prepare for multi-arch builds
docker run --rm --privileged multiarch/qemu-user-static --reset -p yes
# Also prepare for multi-arch builds after reboot
cat >/etc/systemd/system/multiarch.service <<EOF
[Unit]
After=docker.service
[Service]
ExecStart=/usr/bin/docker run --rm --privileged multiarch/qemu-user-static --reset -p yes
[Install]
WantedBy=default.target
EOF
systemctl daemon-reload
systemctl enable multiarch.service
# Install woodpecker
cd /home/$EC2USER
export WOODPECKER_AGENT_SECRET=$(openssl rand -hex 32)
cat >docker-compose.yml <<EOF
version: '3'
services:
woodpecker-agent:
image: ${WoodpeckerAgentImage}
command: agent
restart: always
volumes:
- /var/run/docker.sock:/var/run/docker.sock
environment:
- WOODPECKER_SERVER=${WoodpeckerServer}
- WOODPECKER_AGENT_SECRET=${WoodpeckerAgentSecret}
- WOODPECKER_FILTER_LABELS=${WoodpeckerFilterLabels}
- WOODPECKER_GRPC_SECURE=${WoodpeckerGrpcSecure}
- WOODPECKER_BACKEND=docker
EOF
/usr/local/bin/docker-compose up --detach
# Signal the status from cfn-init\n"
/opt/aws/bin/cfn-signal -e $? --stack ${AWS::StackName} --resource WoodpeckerAgentInstance --region ${AWS::Region}
CreationPolicy:
ResourceSignal:
Timeout: PT15M
WoodpeckerAgentSecurityGroup:
Type: AWS::EC2::SecurityGroup
Properties:
GroupDescription: Enable SSH only
SecurityGroupIngress:
- IpProtocol: tcp
FromPort: '22'
ToPort: '22'
CidrIp: '0.0.0.0/0'
- IpProtocol: tcp
FromPort: '22'
ToPort: '22'
CidrIp: '0.0.0.0/0'
Outputs:
WoodpeckerAgentInstanceID:
Description: ID of Woodpecker EC2 instance
Value: !Ref WoodpeckerAgentInstance
WoodpeckerAgentInstanceIP:
Description: Public IP of Woodpecker agent EC2 instance
Value: !GetAtt WoodpeckerAgentInstance.PublicIp