plus3it / cfn-confluence Goto Github PK

Problem Description:

It may be desirable to offer the ability to customize database tuning-options. Need the DB to use a custom — rather than the currently used RDS-default — parameter group.

Expected Behavior:

Ability to tune DB behavior via DB parameter-group settings

Actual Behavior:

Current use of RDS-default DB parameter-group precludes tuning customizations

(Detailed) Steps to reproduce:

Deploy RDS DB from existing templates

(Optional) Fix recommendation:

Add a AWS::RDS::DBParameterGroup resource-type into the current RDS templating.

The current value:

ExecReload=/opt/atlassian/confluence/bin/confluence.sh | sleep 60 | /opt/atlassian/confluence/bin/confluence.sh

Should be changed to:

ExecReload=/opt/atlassian/confluence/bin/stop-confluence.sh | sleep 60 | /opt/atlassian/confluence/bin/start-confluence.sh

Currently, EC2 template(s) do not include CWA logging logic. Note that addressing #18 should close this issue in the process.

Since the initiation of this project, the source watchmaker templates for EC2 have been continually upgraded. The Confluence project's templates have not generally been re-baselined to capture the newer functionality found in the watchmaker templates.

Each EC2-deploying template should be re-baselined against the watchmaker 1.5.6 baseline template

Problem Description:

Amazon Certificate Manager (ACM) is not available for use in all regions/partitions. In these regions/partitions, it will be necessary to use Identity and Access Management (IAM) to host SSL certificates used for ELB-based SSL-termination. To maximize portability, ELB templates should allow use of either ACM- or IAM-hosted SSL certificates.

Expected Behavior:

ELBs support SSL-termination whether ACM is available for use in a given region/partition.

Actual Behavior:

ELBs do not currently support SSL-termination when ACM is unavailable for use in a given region/partition.

Affected Components

The following templates need remediation:

• make_confluence_ELBv1-pub.tmplt.json
• make_confluence_ELBv2-pub.tmplt.json

Fix recommendation:

Add a Condition{} and Parameters{} components and associated logic within the Resources{} sections to support selection of ACM- or IAM-hosted SSL certificates when launching an ELB template.

Problem Description:

Templates may not be sufficiently portable if ARNs hardcode the :aws: partition-element into them (won't work in specialty-regions like aws-cn). See AWS::Partition pseudo-param documentation.

Expected Behavior:

All templates should work in all AWS partitions

Actual Behavior:

The make_confluence_ELBv1-pub.tmplt.json template will fail if not launched into the default/commercial AWS region

Fix recommendation:

Update enumerated template-files to update all "arn:aws:... string-literals to something more like:

            {
              "Fn::Join": [
                ":",
                [
                  "arn",
                  { "Ref": "AWS::Partition"},
                  …,
                  …
                ]
              ]
            }

Currently using the default JVM memory options:

-Xms1024m -Xmx1024m

Need to investigate whether that should be overridden, and if so, where to do so ...and then update automation to allocate based on hosting-instance's available RAM

Ensure .github project-directory exists and contains:

• CODE_OF_CONDUCT.md
• contributing.md
• issue_template.md
• pull_request_template.md

Files. Model content from cfn-artifactory project-content.

Current file-mode is not acceptable to cron — getting BAD FILE MODE (/etc/cron.d/ConfluenceBkup) errors. Need to change mode from 000700 to 000644

Problem Description:

Templates last based prior to usage of CloudWatch Agent. Update to include optional CloudWatch logic

Expected Behavior:

Template installs CloudWatch agent in regions that support it.

Actual Behavior:

No hooks for CloudWatch Agent present

(Optional) Fix recommendation:

Re-baseline EC2 templates against latest watchmaker templates

Since initial authoring, AWS has updated available PGSQL versions. Per today's (2018-12-10) notifications, AWS is recommending updating running versions to at least 9.6.9.

AWS's currently-supported versions are (application support may vary: test if moving to a higher major):

10.4
10.3
10.1
9.6.10
9.6.9
9.6.8
9.6.6
9.6.5
9.6.3
9.6.2
9.6.1
9.5.14
9.5.13
9.5.12
9.5.10
9.5.9
9.5.7
9.5.6
9.5.4
9.5.2

Make sure they aren't too aggressive — particularly the EC2s'/ASGs' and RDSes'

Problem Description:

AWS has released new instance types that might better align to some deployment-scopes

Expected Behavior:

Support t3 and m5 instance-types where possible

Actual Behavior:

Does not currently support t3 and m5 instance-types at all

(Optional) Fix recommendation:

Update template logic to allow for t3 and m5 instance-types

Currently, CWA logging is not enabled in the EC2 template(s). When rebasing against the watchmaker 1.5.6 templates, generic CWA logging should be enabled. Need to also ensure the template-installed logging definitions also include the Confluence application logs. Probably best to work this issue in coordination with issues #18 and #19.

https://www.freedesktop.org/software/systemd/man/systemd.service.html#Restart=

Problem Description:

When instance is rebooted — as is part of the automated-provisioning process's workflow — the OS hangs on shutdown

Expected Behavior:

Initiating a reboot results in only a very short (a couple minutes) system-outage

Actual Behavior:

During shutdown, systemd doesn't properly handle offlining NFS mounts prior to killing networking and the whole process wedges

Steps to reproduce:

Reboot instance while application is running and its NFS mounts are in-use/mounted

Fix recommendation:

<none>

Problem Description:

With EL 7.6's rebasing of cloud-init, the current cloud-init-per declaration in UserData results in the secondary EBS being mkfsed each time the instance boots.

Expected Behavior:

Secondary EBS is only mkfsed during initial boot

Actual Behavior:

Secondary EBS being mkfsed each time the instance boots.

Fix recommendation:

Update UserData. Change:

"  - cloud-init-per instance mkfs-appvolume mkfs -t ext4 ",

To:

"  - cloud-init-per instance appvolume mkfs -t ext4 ",