plus3it / cfn-confluence
Use AWS CloudFormation to deploy Atlassian Confluence onto STIG-hardened EL7 Amazon instances
License: Apache License 2.0
It may be desirable to offer the ability to customize database tuning-options. Need the DB to use a custom — rather than the currently used RDS-default — parameter group.
Ability to tune DB behavior via DB parameter-group settings
Current use of RDS-default DB parameter-group precludes tuning customizations
Deploy RDS DB from existing templates
Add an AWS::RDS::DBParameterGroup resource-type into the current RDS templating.
The current value:
ExecReload=/opt/atlassian/confluence/bin/confluence.sh | sleep 60 | /opt/atlassian/confluence/bin/confluence.sh
Should be changed to:
ExecReload=/opt/atlassian/confluence/bin/stop-confluence.sh | sleep 60 | /opt/atlassian/confluence/bin/start-confluence.sh
Currently, EC2 template(s) do not include CWA logging logic. Note that addressing #18 should close this issue in the process.
Since the initiation of this project, the source watchmaker templates for EC2 have been continually upgraded. The Confluence project's templates have not generally been re-baselined to capture the newer functionality found in the watchmaker templates.
Each EC2-deploying template should be re-baselined against the watchmaker 1.5.6 baseline template
Amazon Certificate Manager (ACM) is not available for use in all regions/partitions. In these regions/partitions, it will be necessary to use Identity and Access Management (IAM) to host SSL certificates used for ELB-based SSL-termination. To maximize portability, ELB templates should allow use of either ACM- or IAM-hosted SSL certificates.
ELBs support SSL-termination whether or not ACM is available for use in a given region/partition.
ELBs do not currently support SSL-termination when ACM is unavailable for use in a given region/partition.
The following templates need remediation:
make_confluence_ELBv1-pub.tmplt.json
make_confluence_ELBv2-pub.tmplt.json
Add Condition{} and Parameters{} components and associated logic within the Resources{} sections to support selection of ACM- or IAM-hosted SSL certificates when launching an ELB template.
Templates may not be sufficiently portable if ARNs hardcode the :aws: partition-element into them (won't work in specialty-regions like aws-cn). See AWS::Partition pseudo-param documentation.
All templates should work in all AWS partitions
The make_confluence_ELBv1-pub.tmplt.json template will fail if not launched into the default/commercial AWS region
Update enumerated template-files to update all "arn:aws:..." string-literals to something more like:
{
"Fn::Join": [
":",
[
"arn",
{ "Ref": "AWS::Partition"},
…,
…
]
]
}
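As an added illustration (not code from the cfn-confluence project), the following Python checker walks a CloudFormation template, flags every string literal that hard-codes a partition (the portability defect described above), and rewrites each one into the Fn::Join / AWS::Partition form shown. The template below is a constructed fragment standing in for the ELB template's IAM-hosted certificate ARN; literals already written as "arn:${AWS::Partition}:..." are left alone.

```python
import copy
import json

# Constructed sample (not the project's real template): an ALB listener whose
# certificate ARN hard-codes the "aws" partition and so breaks in aws-cn / aws-us-gov.
SAMPLE_TEMPLATE = json.loads("""
{
  "Resources": {
    "Listener": {
      "Type": "AWS::ElasticLoadBalancingV2::Listener",
      "Properties": {
        "Certificates": [
          {"CertificateArn": "arn:aws:iam::123456789012:server-certificate/example"}
        ],
        "LoadBalancerArn": {"Ref": "Alb"}
      }
    }
  }
}
""")

HARDCODED_PREFIXES = ("arn:aws:", "arn:aws-cn:", "arn:aws-us-gov:")


def partition_join(arn):
    """Rewrite 'arn:<partition>:<rest>' as Fn::Join over the AWS::Partition pseudo-parameter."""
    _, _, rest = arn.split(":", 2)  # e.g. 'iam::123456789012:server-certificate/example'
    return {"Fn::Join": [":", ["arn", {"Ref": "AWS::Partition"}, rest]]}


def find_hardcoded_partitions(node, path="$"):
    """Yield (json-path, literal) for every string that hard-codes a partition element."""
    if isinstance(node, str):
        if node.startswith(HARDCODED_PREFIXES):
            yield path, node
    elif isinstance(node, dict):
        for key, value in node.items():
            yield from find_hardcoded_partitions(value, f"{path}.{key}")
    elif isinstance(node, list):
        for idx, value in enumerate(node):
            yield from find_hardcoded_partitions(value, f"{path}[{idx}]")


def rewrite_partitions(node):
    """Return a deep copy of the template with every hard-coded ARN replaced by partition_join()."""
    node = copy.deepcopy(node)
    if isinstance(node, str):
        return partition_join(node) if node.startswith(HARDCODED_PREFIXES) else node
    if isinstance(node, dict):
        return {k: rewrite_partitions(v) for k, v in node.items()}
    if isinstance(node, list):
        return [rewrite_partitions(v) for v in node]
    return node
```

Run find_hardcoded_partitions() over a template as a pre-deploy lint, and rewrite_partitions() to produce the portable form for review.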
Currently using the default JVM memory options:
-Xms1024m -Xmx1024m
Need to investigate whether that should be overridden, and if so, where to do so ...and then update automation to allocate based on hosting-instance's available RAM
Ensure .github project-directory exists and contains:
Files. Model content from cfn-artifactory project-content.
Current file-mode is not acceptable to cron — getting BAD FILE MODE (/etc/cron.d/ConfluenceBkup) errors. Need to change mode from 000700 to 000644
Templates last based prior to usage of CloudWatch Agent. Update to include optional CloudWatch logic
Template installs CloudWatch agent in regions that support it.
No hooks for CloudWatch Agent present
Re-baseline EC2 templates against latest watchmaker templates
Since initial authoring, AWS has updated available PGSQL versions. Per today's (2018-12-10) notifications, AWS is recommending updating running versions to at least 9.6.9.
AWS's currently-supported versions are (application support may vary: test if moving to a higher major):
10.4
10.3
10.1
9.6.10
9.6.9
9.6.8
9.6.6
9.6.5
9.6.3
9.6.2
9.6.1
9.5.14
9.5.13
9.5.12
9.5.10
9.5.9
9.5.7
9.5.6
9.5.4
9.5.2
Make sure they aren't too aggressive — particularly the EC2s'/ASGs' and RDSes'
AWS has released new instance types that might better align to some deployment-scopes
Support t3 and m5 instance-types where possible
Does not currently support t3 and m5 instance-types at all
Update template logic to allow for t3 and m5 instance-types
Currently, CWA logging is not enabled in the EC2 template(s). When rebasing against the watchmaker 1.5.6 templates, generic CWA logging should be enabled. Need to also ensure the template-installed logging definitions also include the Confluence application logs. Probably best to work this issue in coordination with issues #18 and #19.
When instance is rebooted — as is part of the automated-provisioning process's workflow — the OS hangs on shutdown
Initiating a reboot results in only a very short (a couple minutes) system-outage
During shutdown, systemd doesn't properly handle offlining NFS mounts prior to killing networking and the whole process wedges
Reboot instance while application is running and its NFS mounts are in-use/mounted
With EL 7.6's rebasing of cloud-init, the current cloud-init-per declaration in UserData results in the secondary EBS being mkfs'ed each time the instance boots.
Secondary EBS is only mkfs'ed during initial boot
Secondary EBS being mkfs'ed each time the instance boots.
Update UserData. Change:
" - cloud-init-per instance mkfs-appvolume mkfs -t ext4 ",
To:
" - cloud-init-per instance appvolume mkfs -t ext4 ",