diff --git a/README.md b/README.md index 743b6ce..5f12427 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,7 @@ rainstash ======= -rainstash is an Amazon CloudFormation template for automating the setup of BitTorrent Sync in the Amazon cloud. +rainstash is an Amazon CloudFormation template for automating the setup of Resilio Sync in the Amazon cloud. The following information must be supplied as parameters to rainstash: * **AllowedSubnet** - the subnet allowed to managed the instance via SSH and HTTPS, IPs outside of this subnet will not be able to manage the instance, subnet should be in CIDR form (x.x.x.x/xx) @@ -19,4 +19,4 @@ The following information must be supplied as parameters to rainstash: rainstash and Amazon CloudFormation is completely free to use, however, Amazon may charge for the use of resources created with rainstash. rainstash uses the following cost-related services: EC2, S3, and data transfer. -Due to technical and security considerations, rainstash is designed to be ephimeral. If the EC2 instance where rainstash is running is shutdown or rebooted, data on that instance is not easily recoverable unless you know how to go about doing so. The workaround - the BitTorrent protocol and BitTorrent Sync are meant to be decentralized and distributed. Always have more than one instance, whether it's multiple rainstash stacks or running on your own hardware. Please keep this in mind! +Due to technical and security considerations, rainstash is designed to be ephimeral. If the EC2 instance where rainstash is running is shutdown or rebooted, data on that instance is not easily recoverable unless you know how to go about doing so. The workaround - the BitTorrent protocol and Resilio Sync are meant to be decentralized and distributed. Always have more than one instance, whether it's multiple rainstash stacks or running on your own hardware. Please keep this in mind! 
diff --git a/templates/BitTorrentSync.template b/templates/ResilioSync.template similarity index 76% rename from templates/BitTorrentSync.template rename to templates/ResilioSync.template index ddd7169..c320287 100644 --- a/templates/BitTorrentSync.template +++ b/templates/ResilioSync.template @@ -1,27 +1,27 @@ { "AWSTemplateFormatVersion" : "2010-09-09", - "Description" : "Sets up a BitTorrent Sync instance", + "Description" : "Sets up a Resilio Sync instance", "Parameters" : { "InstanceType" : { "Description" : "The EC2 instance type", "Type" : "String", - "Default" : "t2.micro", - "AllowedValues" : [ "t2.micro","t2.small","t2.medium","m1.small","m1.medium","m1.large","m1.xlarge","m2.xlarge","m2.2xlarge","m2.4xlarge","m3.medium","m3.large","m3.xlarge","m3.2xlarge","c1.medium","c1.xlarge","cc1.4xlarge","cc2.8xlarge","cg1.4xlarge"], + "Default" : "t2.nano", + "AllowedValues" : [ "t2.nano","t2.micro","t2.small","t2.medium","m1.small","m1.medium","m1.large","m1.xlarge","m2.xlarge","m2.2xlarge","m2.4xlarge","m3.medium","m3.large","m3.xlarge","m3.2xlarge","c1.medium","c1.xlarge","cc1.4xlarge","cc2.8xlarge","cg1.4xlarge"], "ConstraintDescription" : "Must be a valid EC2 instance type." }, - + "KeyName": { "Description" : "The name of an existing EC2 keypair for this instance", "Type": "AWS::EC2::KeyPair::KeyName", - "Default": "BitTorrentSync", + "Default": "ResilioSync", "MinLength": "1", "MaxLength": "255", "AllowedPattern" : "[\\x20-\\x7E]*", "ConstraintDescription" : "can contain only ASCII characters." }, - + "VPCCIDR" : { "Type" : "String", "Description" : "The IP Address range for the VPC", @@ -41,7 +41,7 @@ "AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})", "ConstraintDescription": "must be a valid IP CIDR range of the form x.x.x.x/x." }, - + "AllowedSubnet" : { "Type" : "String", "Description" : "The subnet that is allowed to access the web server interface, usually your own public IP", 
@@ -50,7 +50,7 @@ "AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})", "ConstraintDescription": "must be a valid IP CIDR range of the form x.x.x.x/x." }, - + "SSLCertKeyPassword" : { "Type" : "String", "NoEcho": "true", @@ -58,13 +58,13 @@ "MinLength": "8", "ConstraintDescription": "Minimum length of 8 characters" }, - + "StorageNeededInGB" : { "Type" : "String", - "Description" : "Amount of storage needed for BitTorrent Sync", + "Description" : "Amount of storage needed for Resilio Sync", "Default": "1" }, - + "DiskEncryptionPassword" : { "Type" : "String", "NoEcho": "true", @@ -72,21 +72,21 @@ "MinLength": "8", "ConstraintDescription": "Minimum length of 8 characters" }, - + "FolderKey" : { "Type" : "String", "NoEcho": "true", "Description" : "Obtain a read only or read/write key from an already existing Sync folder", "MinLength": "33", "MaxLength": "33", - "ConstraintDescription": "All BitTorrent Sync folder keys are 33 characters long" + "ConstraintDescription": "All Resilio Sync folder keys are 33 characters long" }, - + "WebInterfaceUsername" : { "Type" : "String", "Description" : "Mininum of 8 characters" }, - + "WebInterfacePassword" : { "Type" : "String", "NoEcho": "true", @@ -94,25 +94,28 @@ "MinLength": "8", "ConstraintDescription": "Mininum of 8 characters" }, - + "DeviceName" : { "Type" : "String", "Description" : "Device name, shown with peers connected" } - + }, - + "Mappings": { "RegionMap": { - "us-east-1": { "AMI" : "ami-b66ed3de" }, - "us-west-1": { "AMI" : "ami-cd3aff89" }, - "us-west-2": { "AMI" : "ami-9ff7e8af" } + "us-east-1": { "AMI" : "ami-0b33d91d" }, + "us-east-2": { "AMI" : "ami-c55673a0"}, + "us-west-1": { "AMI" : "ami-165a0876" }, + "us-west-2": { "AMI" : "ami-f173cc91" }, + "eu-west-1": { "AMI" : "ami-70edb016" }, + "eu-west-2": { "AMI" : "ami-f1949e95" } } }, - + "Resources" : { - "BitTorrentSyncVPC" : { + "ResilioSyncVPC" : { "Type" : "AWS::EC2::VPC", "Properties" : { "EnableDnsSupport" : "true", 
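Review bot: The six AMI IDs added to `RegionMap` carry no record of which image they are (name, owner account, release), so a reviewer cannot confirm from the template that each ID is the intended image for its region. Record the image name and owner next to the region list in the README, or resolve the image at deploy time instead of pinning it, for instance through a parameter of type `AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>`. Regions missing from the map will presumably fail at lookup (the `Fn::FindInMap` call is outside this hunk), so the README should list the supported regions. Separately, changing the logical ID `BitTorrentSyncVPC` to `ResilioSyncVPC` here, like `ResilioSyncInstance`, `ResilioSyncWaitHandle` and `ResilioSyncWaitCondition` in later hunks, makes CloudFormation create new resources and delete the old ones when an existing stack is updated, so the upgrade path for deployed stacks should be documented.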
@@ -120,7 +123,7 @@ "CidrBlock" : { "Ref" : "VPCCIDR" }, "Tags" : [ { "Key" : "Application", "Value" : { "Ref" : "AWS::StackName" } }, - { "Key" : "Network", "Value" : "BitTorrentSyncVPC" } + { "Key" : "Network", "Value" : "ResilioSyncVPC" } ] } }, @@ -128,7 +131,7 @@ "PrivateSubnet" : { "Type" : "AWS::EC2::Subnet", "Properties" : { - "VpcId" : { "Ref" : "BitTorrentSyncVPC" }, + "VpcId" : { "Ref" : "ResilioSyncVPC" }, "CidrBlock" : { "Ref" : "SubnetCIDR" }, "Tags" : [ { "Key" : "Application", "Value" : { "Ref" : "AWS::StackName" } }, @@ -140,7 +143,7 @@ "PrivateRouteTable" : { "Type" : "AWS::EC2::RouteTable", "Properties" : { - "VpcId" : { "Ref" : "BitTorrentSyncVPC" }, + "VpcId" : { "Ref" : "ResilioSyncVPC" }, "Tags" : [ { "Key" : "Application", "Value" : { "Ref" : "AWS::StackName" } }, { "Key" : "Network", "Value" : "VPC Subnet" } @@ -155,15 +158,15 @@ "RouteTableId" : { "Ref" : "PrivateRouteTable" } } }, - + "InternetGateway" : { "Type" : "AWS::EC2::InternetGateway" }, - + "AttachInternetGateway" : { "Type" : "AWS::EC2::VPCGatewayAttachment", "Properties" : { - "VpcId" : { "Ref" : "BitTorrentSyncVPC" }, + "VpcId" : { "Ref" : "ResilioSyncVPC" }, "InternetGatewayId" : { "Ref" : "InternetGateway" } } }, @@ -180,7 +183,7 @@ "PrivateNetworkAcl" : { "Type" : "AWS::EC2::NetworkAcl", "Properties" : { - "VpcId" : { "Ref" : "BitTorrentSyncVPC" }, + "VpcId" : { "Ref" : "ResilioSyncVPC" }, "Tags" : [ { "Key" : "Application", "Value" : { "Ref" : "AWS::StackName" } }, { "Key" : "Network", "Value" : "Private" } @@ -221,12 +224,12 @@ "NetworkAclId" : { "Ref" : "PrivateNetworkAcl" } } }, - + "InstanceSecurityGroup" : { "Type" : "AWS::EC2::SecurityGroup", "Properties" : { "GroupDescription" : "Allow http to client host", - "VpcId" : {"Ref" : "BitTorrentSyncVPC"}, + "VpcId" : {"Ref" : "ResilioSyncVPC"}, "SecurityGroupIngress" : [{ "IpProtocol" : "tcp", "FromPort" : "22", 
@@ -239,11 +242,17 @@ "ToPort" : "443", "CidrIp" : { "Ref" : "AllowedSubnet" } }, + { + "IpProtocol" : "tcp", + "FromPort" : "40003", + "ToPort" : "40003", + "CidrIp" : "0.0.0.0/0" + }, { "IpProtocol" : "udp", "FromPort" : "40003", "ToPort" : "40003", - "CidrIp" : { "Ref" : "AllowedSubnet" } + "CidrIp" : "0.0.0.0/0" } ], "SecurityGroupEgress" : [{ @@ -254,15 +263,15 @@ }] } }, - + "PublicIP" : { - "Type" : "AWS::EC2::EIP", + "Type" : "AWS::EC2::EIP", "Properties" : { - "InstanceId" : { "Ref" : "BitTorrentSyncInstance" }, + "InstanceId" : { "Ref" : "ResilioSyncInstance" }, "Domain" : "vpc" } }, - + "DataVolume" : { "Type" : "AWS::EC2::Volume", "Properties" : { @@ -271,31 +280,31 @@ "AvailabilityZone" : { "Fn::GetAtt" : [ "PrivateSubnet", "AvailabilityZone" ] } } }, - - "BitTorrentSyncInstance" : { + + "ResilioSyncInstance" : { "Type" : "AWS::EC2::Instance", "Metadata" : { - "Comment" : "BitTorrent Sync", + "Comment" : "Resilio Sync", "AWS::CloudFormation::Init" : { "config" : { "files" : { - "/opt/btsync.tar.gz" : { - "source" : "http://download.getsyncapp.com/endpoint/btsync/os/linux-x64/track/stable", + "/opt/rslsync.tar.gz" : { + "source" : "https://download-cdn.resilio.com/stable/linux-x64/resilio-sync_x64.tar.gz", "mode" : "000700", "owner" : "root", "group" : "root" }, - - "/opt/btsync.conf" : { + + "/opt/rslsync.conf" : { "content" : { "Fn::Join" : ["", [ "{\n", " \"device_name\" : \"", { "Ref": "DeviceName" }, "\",\n", " \"storage_path\": \"/secure/.sync\",\n", " \"listening_port\": 40003,\n\n", - + " \"shared_folders\" : [ {\n", - " \"secret\" : \"#btsync-secret\",\n", + " \"secret\" : \"#rslsync-secret\",\n", " \"dir\" : \"/secure/Sync\",\n", " \"use_relay_server\" : true,\n", " \"use_tracker\" : true,\n", 
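Review bot: Both `40003` ingress rules in `InstanceSecurityGroup` now use `"CidrIp" : "0.0.0.0/0"`, so the sync listening port is reachable from any address over TCP and UDP, where the UDP rule was previously limited to `AllowedSubnet`. If this is intended so that peers outside the management subnet can connect, make it a dedicated parameter rather than a literal, for example `"CidrIp" : { "Ref" : "PeerSubnet" }` (the parameter name is a suggestion), with a description that states the exposure and a default the operator has to choose consciously. The `GroupDescription` in the context lines still reads "Allow http to client host" and should name the ports opened and to whom. The README describes `AllowedSubnet` only in terms of SSH and HTTPS, so the world-open sync port should be documented there as well.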
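Review bot: The `/opt/rslsync.tar.gz` entry downloads whatever the floating `stable` URL serves at launch time, and the later cfn-init commands unpack and start it as root with no digest check in between. The switch to `https` protects the transfer but not against a changed or replaced artifact on the server side. Pin a specific release URL and add a command that runs before the `gzip -d` step, with `cwd` `/secure`, such as `echo "<EXPECTED_SHA256>  rslsync.tar.gz" | sha256sum -c -` (placeholder digest, to be recorded alongside the pinned URL), so that a mismatch fails stack creation instead of running an unverified binary. The `ResilioSyncInstance` resource continues past the end of this hunk.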
@@ -305,53 +314,53 @@ " \"overwrite_changes\" : false\n", " } ]\n\n", - "/* Advanced preferences can be added to config file. Info is available at http://sync-help.bittorrent.com */\n", - "}\n" + "/* Advanced preferences can be added to config file. Info is available at https://help.getsync.com/hc/en-us/articles/206178884-Running-Sync-in-configuration-mode */\n", + "}\n" ]]}, "mode" : "000700", "owner" : "root", "group" : "root" }, - - "/opt/btsync.conf.web" : { + + "/opt/rslsync.conf.web" : { "content" : { "Fn::Join" : ["", [ "{\n", " \"device_name\" : \"", { "Ref": "DeviceName" }, "\",\n", " \"storage_path\": \"/secure/.sync\",\n", " \"listening_port\": 40003,\n\n", - + " \"webui\": {\n", " \"listen\" : \"0.0.0.0:443\",\n", " \"force_https\" : true,\n", " \"login\" : \"", { "Ref": "WebInterfaceUsername" }, "\",\n", " \"password\" : \"", { "Ref": "WebInterfacePassword" }, "\",\n", - " \"ssl_certificate\" : \"/secure/btsync.crt\",\n", - " \"ssl_private_key\" : \"/secure/btsync.key.plaintext\"\n", + " \"ssl_certificate\" : \"/secure/rslsync.crt\",\n", + " \"ssl_private_key\" : \"/secure/rslsync.key.plaintext\"\n", " }\n", - "/* Advanced preferences can be added to config file. Info is available at http://sync-help.bittorrent.com */\n", + "/* Advanced preferences can be added to config file. 
Info is available at https://help.getsync.com/hc/en-us/articles/206178884-Running-Sync-in-configuration-mode */\n", "}\n" ]]}, "mode" : "000700", "owner" : "root", "group" : "root" }, - - "/etc/init.d/btsync" : { + + "/etc/init.d/rslsync" : { "content" : { "Fn::Join" : ["", [ "#!/bin/sh\n", "# chkconfig: 12345 97 97\n", - "# description: BitTorrent Sync\n\n", + "# description: Resilio Sync\n\n", "case \"$1\" in\n", "start)\n", - " /secure/btsync --config /secure/btsync.conf\n", + " /secure/rslsync --config /secure/rslsync.conf\n", ";;\n", "stop)\n", - " kill `pidof btsync`\n", + " kill `pidof rslsync`\n", ";;\n", "restart)\n", - " service btsync stop\n", + " service rslsync stop\n", " sleep 5\n", - " service btsync start\n", + " service rslsync start\n", ";;\n", "*)\n", " exit 1\n", @@ -361,8 +370,8 @@ "mode" : "000700", "owner" : "root", "group" : "root" - }, - + }, + "/etc/cfn/cfn-hup.conf" : { "content" : { "Fn::Join" : ["", [ "[main]\n", @@ -378,14 +387,14 @@ "content": { "Fn::Join" : ["", [ "[cfn-auto-reloader-hook]\n", "triggers=post.update\n", - "path=Resources.BitTorrentSyncInstance.Metadata.AWS::CloudFormation::Init\n", - "action=/opt/aws/bin/cfn-init -s ", { "Ref" : "AWS::StackId" }, " -r BitTorrentSyncInstance ", + "path=Resources.ResilioSyncInstance.Metadata.AWS::CloudFormation::Init\n", + "action=/opt/aws/bin/cfn-init -s ", { "Ref" : "AWS::StackId" }, " -r ResilioSyncInstance ", " --region ", { "Ref" : "AWS::Region" }, "\n", "runas=root\n" ]]} } }, - + "commands" : { "01-encrypt-volume" : { "command" : { "Fn::Join" : ["", [ 
@@ -402,24 +411,24 @@ ]]} }, "03-format-volume" : { - "command" : "mkfs.ext4 -m 0 /dev/mapper/storedev" + "command" : "mkfs.ext4 -m 0 /dev/mapper/storedev" }, "04-create-mount-point" : { - "command" : "mkdir /secure" + "command" : "mkdir /secure" }, "05-mount-encrypted-volume" : { - "command" : "mount /dev/mapper/storedev /secure" + "command" : "mount /dev/mapper/storedev /secure" }, "06-move-app-and-config" : { - "command" : "mv btsync* /secure", - "cwd": "/opt" + "command" : "mv rslsync* /secure", + "cwd": "/opt" }, - "07-unzip-btsync" : { - "command" : "gzip -d btsync.tar.gz", + "07-unzip-rslsync" : { + "command" : "gzip -d rslsync.tar.gz", "cwd" : "/secure" }, - "08-extract-btsync" : { - "command" : "tar -xvf /secure/btsync.tar -C /secure", + "08-extract-rslsync" : { + "command" : "tar -xvf /secure/rslsync.tar -C /secure", "cwd" : "/secure" }, "09-generate-random-file" : { @@ -433,7 +442,7 @@ "command" : { "Fn::Join" : ["", [ "openssl genrsa -aes256 -passout pass:", { "Ref": "SSLCertKeyPassword" }, - " -out btsync.key 4096" + " -out rslsync.key 4096" ]]}, "cwd" : "/secure" }, @@ -441,7 +450,7 @@ "command" : { "Fn::Join" : ["", [ "openssl req -passin pass:", { "Ref": "SSLCertKeyPassword" }, - " -new -subj \"/C=US/ST=US/L=Nowhere/O=Nowhere/CN=rainstash\" -key btsync.key -out btsync.csr" + " -new -subj \"/C=US/ST=US/L=Nowhere/O=Nowhere/CN=rainstash\" -key rslsync.key -out rslsync.csr" ]]}, "cwd" : "/secure" }, 
@@ -449,35 +458,35 @@ "command" : { "Fn::Join" : ["", [ "openssl rsa -passin pass:", { "Ref": "SSLCertKeyPassword" }, - " -in btsync.key -out btsync.key.plaintext" + " -in rslsync.key -out rslsync.key.plaintext" ]]}, "cwd" : "/secure" }, "14-create-self-signed-certificate" : { - "command" : "openssl x509 -req -days 365 -in btsync.csr -signkey btsync.key.plaintext -out btsync.crt", + "command" : "openssl x509 -req -days 365 -in rslsync.csr -signkey rslsync.key.plaintext -out rslsync.crt", "cwd" : "/secure" }, "15-create-sync-directory" : { "command" : "mkdir .sync", "cwd" : "/secure" }, - "16-get-btsync-secret" : { + "16-get-rslsync-secret" : { "command" : { "Fn::Join" : ["", [ - "sed -i.bak s/#btsync-secret/", + "sed -i.bak s/#rslsync-secret/", { "Ref": "FolderKey" }, - "/g btsync.conf" + "/g rslsync.conf" ]]}, "cwd" : "/secure" }, - "17-start-btsync" : { - "command" : "service btsync start" + "17-start-rslsync" : { + "command" : "service rslsync start" }, "18-enable-web" : { - "command" : "cp btsync.conf.web btsync.conf", + "command" : "cp rslsync.conf.web rslsync.conf", "cwd" : "/secure" }, - "19-restart-btsync" : { - "command" : "service btsync restart" + "19-restart-rslsync" : { + "command" : "service rslsync restart" }, "20-update-the-system" : { "command" : "yum -y update" @@ -485,10 +494,10 @@ }, "services" : { "sysvinit" : { - "btsync" : { + "rslsync" : { "enabled" : "true", "ensureRunning" : "true", - "files" : ["/secure/btsync.conf"] + "files" : ["/secure/rslsync.conf"] } } } @@ -503,7 +512,7 @@ "Tags" : [ {"Key" : "Application", "Value" : { "Ref" : "AWS::StackId"} } ], "PrivateIpAddress": "192.168.10.10", "SecurityGroupIds": [ { "Ref": "InstanceSecurityGroup" } ], - "Volumes" : [ { + "Volumes" : [ { "VolumeId" : { "Ref" : "DataVolume" }, "Device" : "/dev/xvdf" } ], 
@@ -514,32 +523,32 @@ "# Helper function\n", "function error_exit\n", "{\n", - " /opt/aws/bin/cfn-signal -e 1 -r \"$1\" '", { "Ref" : "BitTorrentSyncWaitHandle" }, "'\n", + " /opt/aws/bin/cfn-signal -e 1 -r \"$1\" '", { "Ref" : "ResilioSyncWaitHandle" }, "'\n", " exit 1\n", "}\n", "# Install the simple web page\n", - "/opt/aws/bin/cfn-init -v -s ", { "Ref" : "AWS::StackId" }, " -r BitTorrentSyncInstance ", + "/opt/aws/bin/cfn-init -v -s ", { "Ref" : "AWS::StackId" }, " -r ResilioSyncInstance ", " --region ", { "Ref" : "AWS::Region" }, " || error_exit 'Failed to run cfn-init'\n", - "# Start up the cfn-hup daemon to listen for changes to the BitTorrentSync instance metadata\n", + "# Start up the cfn-hup daemon to listen for changes to the ResilioSync instance metadata\n", "/opt/aws/bin/cfn-hup || error_exit 'Failed to start cfn-hup'\n", "# All done so signal success\n", - "/opt/aws/bin/cfn-signal -e 0 -r \"BitTorrentSync instance setup complete\" '", { "Ref" : "BitTorrentSyncWaitHandle" }, "'\n" + "/opt/aws/bin/cfn-signal -e 0 -r \"ResilioSync instance setup complete\" '", { "Ref" : "ResilioSyncWaitHandle" }, "'\n" ]]}} } }, - "BitTorrentSyncWaitHandle" : { + "ResilioSyncWaitHandle" : { "Type" : "AWS::CloudFormation::WaitConditionHandle" }, - "BitTorrentSyncWaitCondition" : { + "ResilioSyncWaitCondition" : { "Type" : "AWS::CloudFormation::WaitCondition", - "DependsOn" : "BitTorrentSyncInstance", + "DependsOn" : "ResilioSyncInstance", "Properties" : { - "Handle" : {"Ref" : "BitTorrentSyncWaitHandle"}, + "Handle" : {"Ref" : "ResilioSyncWaitHandle"}, "Timeout" : "3600" } } @@ -548,7 +557,7 @@ "Outputs" : { "VPCId" : { "Description" : "VPCId of the newly created VPC", - "Value" : { "Ref" : "BitTorrentSyncVPC" } + "Value" : { "Ref" : "ResilioSyncVPC" } }, "PrivateSubnet" : { "Description" : "SubnetId of the VPN connected subnet",