
Add CentOS 7/8 and Amazon Linux 2 support to Cloudformation template (#901)

Add CentOS 7/8 and Amazon Linux 2 support to Cloudformation template.
See #901 for details.

Co-authored-by: Scottpedia
S. X. Liang 2021-01-02 12:40:04 -05:00 committed by GitHub
parent 5f1ca68350
commit f205ecd6f8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 107 additions and 33 deletions

View File

@ -10,7 +10,7 @@
- Amazon EC2 实例类型 - Amazon EC2 实例类型
> **注:** 在某些 AWS 区域中,此模版提供的某些实例类型可能不可用。比如 `m5a.large` 可能无法在 `ap-east-1` 区域部署(仅为假设)。在此情况下,你会在部署过程中遇到此错误:`The requested configuration is currently not supported. Please check the documentation for supported configurations`。新开放的 AWS 区域更容易出现此问题,因为它们提供的实例类型较少。 > **注:** 在某些 AWS 区域中,此模版提供的某些实例类型可能不可用。比如 `m5a.large` 可能无法在 `ap-east-1` 区域部署(仅为假设)。在此情况下,你会在部署过程中遇到此错误:`The requested configuration is currently not supported. Please check the documentation for supported configurations`。新开放的 AWS 区域更容易出现此问题,因为它们提供的实例类型较少。
- VPN 服务器的操作系统Ubuntu 20.04/18.04/16.04Debian 9 - VPN 服务器的操作系统Ubuntu 20.04/18.04/16.04, Debian 9, CentOS 7/8, AmazonLinux2
> **注:** 在 EC2 上使用 Debian 9 映像之前,你需要先在 AWS Marketplace 上订阅:[Debian 9](https://aws.amazon.com/marketplace/pp/B073HW9SP3)。 > **注:** 在 EC2 上使用 Debian 9 映像之前,你需要先在 AWS Marketplace 上订阅:[Debian 9](https://aws.amazon.com/marketplace/pp/B073HW9SP3)。
- 你的 VPN 用户名 - 你的 VPN 用户名
- 你的 VPN 密码 - 你的 VPN 密码
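Review bot: the changed line `- VPN 服务器的操作系统Ubuntu 20.04/18.04/16.04, Debian 9, CentOS 7/8, AmazonLinux2` still has no separator between 操作系统 and the list, and the two other README additions in this commit (the ec2instances.info link and the default-username table giving `centos` for CentOS and `ec2-user` for Amazon Linux 2) are not mirrored in this file, so a reader of the Chinese README gets the new OS options without the login username they need. Suggest `- VPN 服务器的操作系统（Ubuntu 20.04/18.04/16.04、Debian 9、CentOS 7/8、Amazon Linux 2）` and porting the SSH-section changes from the English README.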

View File

@ -9,8 +9,8 @@ This template will create a fully-working IPsec VPN server on Amazon Elastic Com
Available customization parameters: Available customization parameters:
- Amazon EC2 instance type - Amazon EC2 instance type
> **Note**: It is possible that not all instance type options offered by this template are available in a specific AWS region. For example, you may not be able to deploy an `m5a.large` instance in `ap-east-1` (hypothetically). In that case, you might experience the following error during deployment: `The requested configuration is currently not supported. Please check the documentation for supported configurations`. Newly released regions are more prone to having this problem as there are less variety of instances. > **Note**: It is possible that not all instance type options offered by this template are available in a specific AWS region. For example, you may not be able to deploy an `m5a.large` instance in `ap-east-1` (hypothetically). In that case, you might experience the following error during deployment: `The requested configuration is currently not supported. Please check the documentation for supported configurations`. Newly released regions are more prone to having this problem as there are less variety of instances. For more info about instance type availability in AWS regions, you might want to visit https://ec2instances.info/.
- OS for your VPN server (Ubuntu 20.04/18.04/16.04, Debian 9) - OS for your VPN server (Ubuntu 20.04/18.04/16.04, Debian 9, CentOS 7/8, AmazonLinux2)
> **Note:** Before using the Debian 9 image on EC2, you need to first subscribe at the AWS Marketplace: [Debian 9](https://aws.amazon.com/marketplace/pp/B073HW9SP3). > **Note:** Before using the Debian 9 image on EC2, you need to first subscribe at the AWS Marketplace: [Debian 9](https://aws.amazon.com/marketplace/pp/B073HW9SP3).
- Your VPN username - Your VPN username
- Your VPN password - Your VPN password
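Review bot: grammar in the unchanged part of the note, `there are less variety of instances`, should read `there is less variety of instance types`; and in prose `AmazonLinux2` reads better as `Amazon Linux 2` (the concatenated form is the template's parameter value and is fine in the JSON). ec2instances.info is a third-party site; consider also naming the authoritative check, `aws ec2 describe-instance-type-offerings --location-type region`, so users can verify availability for the region they actually pick.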
@ -41,16 +41,37 @@ You may choose an AWS region using the selector to the right of your account inf
How to connect to the server via SSH after deployment? How to connect to the server via SSH after deployment?
</summary> </summary>
After deployment, the default username for an Ubuntu instance is **ubuntu**, and for a Debian instance it is **admin**. Amazon EC2 does not allow users to access newly created instances with an SSH password. Instead, users are required to create "key pairs", which are used as credentials for SSH access. You need to know the username and the private key for your instance in order to login to it via SSH.
This template generates a key pair for you during deployment, and the private key will be available as text under the **Outputs** tab after the stack is successfully created. Each Linux server distribution on AWS has its own default login username, while password login is disabled since the use of private key, or "key pairs", is enforced.
The following is a list of default usernames used by the distributions provided:
> **Reference**: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/connection-prereqs.html
| Distribution | Default Login Username |
| --- | --- |
| Ubuntu (`Ubuntu *.04`) | `ubuntu` |
| Debian (`Debian 9` only) | `admin` |
| CentOS (`CenOS 7` and `CentOS 8`) | `centos` |
| AmazonLinux2 | `ec2-user` |
For the private key(aka "Key pair"), this template generates one for you during deployment, and it will be available as text under the **Outputs** tab after the stack is successfully created.
You will need to save the private key from the **Outputs** tab to a file on your computer, if you want to access the VPN server via SSH. You will need to save the private key from the **Outputs** tab to a file on your computer, if you want to access the VPN server via SSH.
> **Note:** You may need to format the private key by replacing all spaces with newlines, before saving to a file. > **Note:** You may need to format the private key by replacing all spaces with newlines, before saving to a file. The file also needs to be set with [proper permission](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/connection-prereqs.html#connection-prereqs-private-key) before it can be used by SSH client.
![Show key](show-key.png) ![Show key](show-key.png)
To add proper permissions to your private key file, run the following command under the directory where the file is located:
```bash
sudo chmod 400 my-key-pair.pem
```
As a result, the command to login to your instance should look like:
```bash
$ ssh -i path/to/your/key.pem instance-username@instance-ip-address
```
</details> </details>
## Author ## Author
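Review bot: typo in the new table row `| CentOS (`CenOS 7` and `CentOS 8`) | `centos` |`, should be `CentOS 7`. Smaller points in the same hunk: `private key(aka "Key pair")` needs a space, the sentence `Each Linux server distribution on AWS has its own default login username ...` repeats the paragraph just above it and the `For the private key(aka "Key pair") ...` paragraph repeats `This template generates a key pair for you during deployment ...`, so one copy of each can go; and `sudo` in `sudo chmod 400 my-key-pair.pem` is unnecessary for a file the user just saved under their own account, plain `chmod 400 my-key-pair.pem` is enough. Since this section now spells out that the private key is shown as plain text under **Outputs**, it is worth one sentence saying that stack outputs are readable by any principal allowed `cloudformation:DescribeStacks` on the stack, so users should treat that key as shared with their whole AWS account and replace it with their own key pair on the instance once they have logged in.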

View File

@ -1,5 +1,37 @@
{ {
"AWSTemplateFormatVersion": "2010-09-09", "AWSTemplateFormatVersion": "2010-09-09",
"Mappings": {
"OS": {
"Ubuntu1604": {
"HelperInstallationCommands": "export DEBIAN_FRONTEND=noninteractive\napt-get -yq update\napt-get -yq install python3-pip\npython3 -m pip install https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-py3-latest.tar.gz\n",
"InstallationLinks": "https://git.io/vpnsetup"
},
"Ubuntu1804": {
"HelperInstallationCommands": "export DEBIAN_FRONTEND=noninteractive\napt-get -yq update\napt-get -yq install python3-pip\npython3 -m pip install https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-py3-latest.tar.gz\n",
"InstallationLinks": "https://git.io/vpnsetup"
},
"Ubuntu2004": {
"HelperInstallationCommands": "export DEBIAN_FRONTEND=noninteractive\napt-get -yq update\napt-get -yq install python3-pip\npython3 -m pip install https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-py3-latest.tar.gz\n",
"InstallationLinks": "https://git.io/vpnsetup"
},
"Debian9": {
"HelperInstallationCommands": "export DEBIAN_FRONTEND=noninteractive\napt-get -yq update\napt-get -yq install python3-pip\npython3 -m pip install https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-py3-latest.tar.gz\n",
"InstallationLinks": "https://git.io/vpnsetup"
},
"CentOS7": {
"HelperInstallationCommands": "yum -y check-update\nyum -y install python3 wget\npython3 -m pip install https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-py3-latest.tar.gz\n",
"InstallationLinks": "https://git.io/vpnsetup-centos"
},
"CentOS8": {
"HelperInstallationCommands": "yum -y check-update\nyum -y install python3 wget\npython3 -m pip install https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-py3-latest.tar.gz\n",
"InstallationLinks": "https://git.io/vpnsetup-centos"
},
"AmazonLinux2": {
"HelperInstallationCommands": "export PATH=\"$PATH:/opt/aws/bin\"\n",
"InstallationLinks": "https://git.io/vpnsetup-amzn"
}
}
},
"Metadata": { "Metadata": {
"AWS::CloudFormation::Designer": { "AWS::CloudFormation::Designer": {
"0a162613-8f2e-4864-be99-75d946934a4a": { "0a162613-8f2e-4864-be99-75d946934a4a": {
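Review bot: `yum -y check-update` in the `CentOS7` and `CentOS8` `HelperInstallationCommands` exits with status 100 whenever updates are available, and the UserData script installs an `ERR` trap (the `' ERR\n` line in the hunk at `@ -344,10 +368,15 @@`), so on a fresh CentOS AMI with pending updates the trap fires before `python3` and `wget` are even installed. Drop that line or use `yum -y makecache`; `yum -y install` refreshes metadata on its own. Two smaller points: the four Debian-family entries carry byte-identical copies of the same command string, so any fix has to be applied four times, and all six non-Amazon entries fetch `aws-cfn-bootstrap-py3-latest.tar.gz` by its `-latest` name with no checksum, which was already the case before this change but is now repeated in every mapping entry; a single pinned, checksummed reference would be easier to keep honest.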
@ -110,14 +142,6 @@
"parent": "5198eb6d-da4f-43e2-8a4b-b9bff02b26a2", "parent": "5198eb6d-da4f-43e2-8a4b-b9bff02b26a2",
"embeds": [], "embeds": [],
"iscontainedinside": [ "iscontainedinside": [
"5198eb6d-da4f-43e2-8a4b-b9bff02b26a2",
"5198eb6d-da4f-43e2-8a4b-b9bff02b26a2",
"5198eb6d-da4f-43e2-8a4b-b9bff02b26a2",
"5198eb6d-da4f-43e2-8a4b-b9bff02b26a2",
"5198eb6d-da4f-43e2-8a4b-b9bff02b26a2",
"5198eb6d-da4f-43e2-8a4b-b9bff02b26a2",
"5198eb6d-da4f-43e2-8a4b-b9bff02b26a2",
"5198eb6d-da4f-43e2-8a4b-b9bff02b26a2",
"5198eb6d-da4f-43e2-8a4b-b9bff02b26a2" "5198eb6d-da4f-43e2-8a4b-b9bff02b26a2"
], ],
"dependson": [ "dependson": [
@ -344,10 +368,15 @@
}, },
"' ERR\n", "' ERR\n",
"sleep 60\n", "sleep 60\n",
"export DEBIAN_FRONTEND=noninteractive\n", {
"apt-get -yq update\n", "Fn::FindInMap": [
"apt-get -yq install python3-pip\n", "OS",
"pip3 install https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-py3-latest.tar.gz\n", {
"Ref": "OS"
},
"HelperInstallationCommands"
]
},
"export VPN_IPSEC_PSK='", "export VPN_IPSEC_PSK='",
{ {
"Ref": "VpnIpsecPsk" "Ref": "VpnIpsecPsk"
@ -363,7 +392,17 @@
"Ref": "VpnPassword" "Ref": "VpnPassword"
}, },
"'\n", "'\n",
"wget -t 3 -T 30 -nv -O vpnsetup.sh https://git.io/vpnsetup\n", "wget -t 3 -T 30 -nv -O vpnsetup.sh ",
{
"Fn::FindInMap": [
"OS",
{
"Ref": "OS"
},
"InstallationLinks"
]
},
"\n",
"sh vpnsetup.sh\n", "sh vpnsetup.sh\n",
"cfn-signal -e 0 ", "cfn-signal -e 0 ",
" --stack ", " --stack ",
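Review bot: the installer is fetched with `wget -t 3 -T 30 -nv -O vpnsetup.sh` from a `git.io` short link chosen via `Fn::FindInMap` and then run as root by `sh vpnsetup.sh` with no integrity check, so what the instance executes at boot is whatever the redirect resolves to at that moment. Now that the URLs live in one mapping, consider pointing each `InstallationLinks` value at a raw file URL pinned to a tagged release or commit and adding a `sha256sum -c` step before `sh vpnsetup.sh`; the existing `ERR` trap would then abort the bootstrap and signal failure on a mismatch. The separate `"\n"` element after the `Fn::FindInMap` is correct, since the mapped URL carries no newline of its own.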
@ -600,6 +639,10 @@
[ [
"import boto3", "import boto3",
"import cfnresponse", "import cfnresponse",
"'''",
"This python script should be embeded into its designated cloudformation template.",
"Its function is to sort out the correct AMI image to use for each of the distribution options available.",
"'''",
"def creation_date(e):", "def creation_date(e):",
" return e['CreationDate']", " return e['CreationDate']",
"", "",
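Review bot: typo `embeded` should be `embedded` in the added text; also, a triple-quoted string placed after the `import` lines is just an unused expression statement, not a module docstring. Either move it above `import boto3` or turn it into a `#` comment block.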
@ -608,16 +651,22 @@
" regionName = event['ResourceProperties']['Region']", " regionName = event['ResourceProperties']['Region']",
" distribution = event['ResourceProperties']['Distribution']", " distribution = event['ResourceProperties']['Distribution']",
" ec2 = boto3.client('ec2',regionName)", " ec2 = boto3.client('ec2',regionName)",
" IAMName = ''", " AMIName = ''",
" if distribution == 'Ubuntu16.04':", " if distribution == 'Ubuntu1604':",
" IAMName = 'ubuntu/images/hvm-ssd/ubuntu-xenial-16.04-amd64-server-*'", " AMIName = 'ubuntu/images/hvm-ssd/ubuntu-xenial-16.04-amd64-server-*'",
" elif distribution == 'Ubuntu18.04':", " elif distribution == 'Ubuntu1804':",
" IAMName = 'ubuntu/images/hvm-ssd/ubuntu-bionic-18.04-amd64-server-*'", " AMIName = 'ubuntu/images/hvm-ssd/ubuntu-bionic-18.04-amd64-server-*'",
" elif distribution == 'Ubuntu20.04':", " elif distribution == 'Ubuntu2004':",
" IAMName = 'ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-*'", " AMIName = 'ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-*'",
" elif distribution == 'Debian9':", " elif distribution == 'Debian9':",
" IAMName = 'debian-stretch-hvm-x86_64-gp2-*'", " AMIName = 'debian-stretch-hvm-x86_64-gp2-*'",
" response = ec2.describe_images(Filters=[{'Name':'name', 'Values':[IAMName]}], Owners=['099720109477', '379101102735'])", " elif distribution == 'CentOS7':",
" AMIName = 'CentOS 7.9.2009 x86_64'",
" elif distribution == 'CentOS8':",
" AMIName = 'CentOS 8.3.2011 x86_64'",
" elif distribution == 'AmazonLinux2':",
" AMIName = 'amzn2-ami-hvm-*.*-x86_64-gp2'",
" response = ec2.describe_images(Filters=[{'Name':'name', 'Values':[AMIName]}], Owners=['099720109477', '379101102735', '125523088429', 'amazon'])",
" images = response['Images']", " images = response['Images']",
" images.sort(key=creation_date,reverse=True)", " images.sort(key=creation_date,reverse=True)",
" AMIId = images[0]['ImageId']", " AMIId = images[0]['ImageId']",
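Review bot: `AMIId = images[0]['ImageId']` raises `IndexError` when `describe_images` returns nothing (an unrecognised `distribution`, leaving `AMIName` as `''`, or a region where that image name is not published), and the handler then exits without calling `cfnresponse.send`, so the stack hangs on the custom resource until the Lambda timeout. Check for an empty `images` list and send `cfnresponse.FAILED` with a clear reason. Second, the single combined `Owners=['099720109477', '379101102735', '125523088429', 'amazon']` is applied to every branch, so each name pattern is matched against all four publishers instead of the one that owns that image; pair each branch with its own owner (for example set an `(AMIName, owner)` pair per distribution) so a same-named image from another publisher in the list can never be selected. Also note that the CentOS entries are exact names (`CentOS 7.9.2009 x86_64`, `CentOS 8.3.2011 x86_64`) while the others are globs, so they will never follow a newer point release; fine if intended, but worth a comment in the code.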
@ -762,12 +811,15 @@
"OS": { "OS": {
"Type": "String", "Type": "String",
"Description": "The OS of your VPN server. Default: Ubuntu 20.04", "Description": "The OS of your VPN server. Default: Ubuntu 20.04",
"Default": "Ubuntu20.04", "Default": "Ubuntu2004",
"AllowedValues": [ "AllowedValues": [
"Ubuntu20.04", "Ubuntu2004",
"Ubuntu18.04", "Ubuntu1804",
"Ubuntu16.04", "Ubuntu1604",
"Debian9" "Debian9",
"CentOS7",
"CentOS8",
"AmazonLinux2"
] ]
}, },
"InstanceType": { "InstanceType": {
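Review bot: renaming the `AllowedValues` from `Ubuntu20.04`, `Ubuntu18.04`, `Ubuntu16.04` to `Ubuntu2004`, `Ubuntu1804`, `Ubuntu1604` is a breaking change for anyone updating an existing stack or reusing a saved parameter file, because the old values now fail parameter validation. That deserves a line in the README or changelog, and the `Description` could list the accepted values rather than only the default. The new names do match the `Mappings.OS` keys and the Lambda branches added in this commit, which is the right reason for the rename.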
@ -832,4 +884,5 @@
"Value": "https://github.com/hwdsl2/setup-ipsec-vpn#next-steps" "Value": "https://github.com/hwdsl2/setup-ipsec-vpn#next-steps"
} }
} }
} }