Initial modularisation of aws-public

terraform/aws-public/elb/main.tf

@@ -0,0 +1,45 @@
+variable "elb_name" { default = "apollo-elb" }
+variable "backend_port" { default = "80"}
+variable "backend_protocol" { default = "http" }
+variable "health_check_target" { default = "HTTP:8888/health" }
+variable "instances" {}
+variable "subnets" {}
+variable "security_groups" {}
+
+resource "aws_elb" "elb" {
+  name                      = "${var.elb_name}"
+  cross_zone_load_balancing = true
+  subnets                   = ["${split(\",\", var.subnets)}"]
+  security_groups           = ["${split(\",\",var.security_groups)}"]
+  instances                 = ["${split(\",\", var.instances)}"]
+
+  listener {
+    instance_port     = "${var.backend_port}"
+    instance_protocol = "${var.backend_protocol}"
+    lb_port           = 80
+    lb_protocol       = "http"
+  }
+
+  # Traefik health check
+  health_check {
+    healthy_threshold   = 2
+    unhealthy_threshold = 2
+    timeout             = 3
+    target              = "${var.health_check_target}"
+    interval            = 30
+  }
+
+  tags {
+    Name = "${var.elb_name}"
+  }
+}
+
+resource "aws_proxy_protocol_policy" "http" {
+  load_balancer = "${aws_elb.elb.name}"
+  instance_ports = ["80"]
+}
+
+# outputs
+output "elb_id" { value = "${aws_elb.elb.id}" }
+output "elb_name" { value = "${aws_elb.elb.name}" }
+output "elb_dns_name" { value = "${aws_elb.elb.dns_name}" }

terraform/aws-public/etcd_discovery_url.txt

@@ -0,0 +1 @@
+https://discovery.etcd.io/365f729dcd00529b8a181c72a4c66f6a

terraform/aws-public/keypair/main.tf

@@ -0,0 +1,14 @@
+# input variables
+variable "short_name" { default = "apollo" }
+variable "public_key_filename" { default = "~/.ssh/id_rsa_aws.pub" }
+
+# SSH keypair for the instances
+resource "aws_key_pair" "default" {
+  key_name   = "${var.short_name}"
+  public_key = "${file(var.public_key_filename)}"
+}
+
+# output variables
+output "keypair_name" {
+  value = "${aws_key_pair.default.key_name}"
+}

terraform/aws-public/main.tf

@@ -0,0 +1,81 @@
+provider "aws" {
+  access_key = "${var.access_key}"
+  secret_key = "${var.secret_key}"
+  region     = "${var.region}"
+}
+
+resource "aws_vpc" "default" {
+  cidr_block           = "${var.vpc_cidr_block}"
+  enable_dns_support   = true
+  enable_dns_hostnames = true
+  lifecycle {
+    create_before_destroy = true
+  }
+}
+
+# ssh keypair for instances
+module "aws-keypair" {
+  source = "./keypair"
+
+  public_key_filename = "${var.public_key_file}"
+}
+
+# internet gateway
+module "igw" {
+  source = "github.com/terraform-community-modules/tf_aws_igw"
+
+  name   = "public"
+  vpc_id = "${aws_vpc.default.id}"
+}
+
+# public subnets
+module "public_subnet" {
+  source = "github.com/terraform-community-modules/tf_aws_public_subnet"
+
+  name   = "public"
+  cidrs  = "10.0.1.0/24,10.0.2.0/24,10.0.3.0/24"
+  azs    = "${var.availability_zones}"
+  vpc_id = "${aws_vpc.default.id}"
+  igw_id = "${module.igw.igw_id}"
+}
+
+# security group to allow all traffic in and out of the instances
+module "sg-default" {
+  source = "./sg-all-traffic"
+
+  vpc_id = "${aws_vpc.default.id}"
+}
+
+module "elb" {
+  source = "./elb"
+
+  security_groups = "${module.sg-default.security_group_id}"
+  instances       = "${join(\",\", aws_instance.mesos-slave.*.id)}"
+  subnets         = "${module.public_subnet.subnet_ids}"
+}
+
+# Generate an etcd URL for the cluster
+resource "template_file" "etcd_discovery_url" {
+  template = "/dev/null"
+  provisioner "local-exec" {
+    command = "curl https://discovery.etcd.io/new?size=${var.masters + var.slaves} > ${var.etcd_discovery_url_file}"
+  }
+  # This will regenerate the discovery URL if the cluster size changes
+  vars {
+    size = "${var.masters + var.slaves}"
+  }
+}
+
+# outputs
+output "master.1.ip" {
+  value = "${aws_instance.mesos-master.0.public_ip}"
+}
+output "master_ips" {
+  value = "${join(",", aws_instance.mesos-master.*.public_ip)}"
+}
+output "slave_ips" {
+  value = "${join(",", aws_instance.mesos-slave.*.public_ip)}"
+}
+output "elb.hostname" {
+  value = "${module.elb.elb_dns_name}"
+}

terraform/aws-public/mesos-masters.tf

@@ -11,7 +11,7 @@ module "master_ami" {
 }
 
 resource "template_file" "master_cloud_init" {
-  filename   = "cloud-config.yml.tpl"
+  template   = "cloud-config.yml.tpl"
   depends_on = ["template_file.etcd_discovery_url"]
   vars {
     etcd_discovery_url = "${file(var.etcd_discovery_url_file)}"
@@ -23,10 +23,10 @@ resource "aws_instance" "mesos-master" {
   instance_type     = "${var.master_instance_type}"
   ami               = "${module.master_ami.ami_id}"
   count             = "${var.masters}"
-  key_name          = "${aws_key_pair.deployer.key_name}"
-  subnet_id         = "${element(aws_subnet.public.*.id, count.index)}"
+  key_name          = "${module.aws-keypair.keypair_name}"
+  subnet_id         = "${element(split(",", module.public_subnet.subnet_ids), count.index)}"
   source_dest_check = false
-  security_groups   = ["${aws_security_group.default.id}"]
+  security_groups   = ["${module.sg-default.security_group_id}"]
   user_data         = "${template_file.master_cloud_init.rendered}"
   tags = {
     Name = "apollo-mesos-master-${count.index}"

terraform/aws-public/mesos-slaves.tf

@@ -11,7 +11,7 @@ module "slave_ami" {
 }
 
 resource "template_file" "slave_cloud_init" {
-  filename   = "cloud-config.yml.tpl"
+  template   = "cloud-config.yml.tpl"
   depends_on = ["template_file.etcd_discovery_url"]
   vars {
     etcd_discovery_url = "${file(var.etcd_discovery_url_file)}"
@@ -23,10 +23,10 @@ resource "aws_instance" "mesos-slave" {
   instance_type     = "${var.slave_instance_type}"
   ami               = "${module.slave_ami.ami_id}"
   count             = "${var.slaves}"
-  key_name          = "${aws_key_pair.deployer.key_name}"
-  subnet_id         = "${element(aws_subnet.public.*.id, count.index)}"
+  key_name          = "${module.aws-keypair.keypair_name}"
+  subnet_id         = "${element(split(",", module.public_subnet.subnet_ids), count.index)}"
   source_dest_check = false
-  security_groups   = ["${aws_security_group.default.id}"]
+  security_groups   = ["${module.sg-default.security_group_id}"]
   depends_on        = ["aws_instance.mesos-master"]
   user_data         = "${template_file.slave_cloud_init.rendered}"
   tags = {

terraform/aws-public/security_groups.tf → terraform/aws-public/sg-all-traffic/main.tf

@@ -1,8 +1,12 @@
-# Default security group
+variable "security_group_name" { default = "default-apollo-mesos" }
+variable "vpc_id" {}
+variable "source_cidr_block" { default = "0.0.0.0/0" }
+
+# Security group that allows all traffic everywhere
 resource "aws_security_group" "default" {
-  name        = "default-apollo-mesos"
+  name        = "${var.security_group_name}"
   description = "Default security group that allows all traffic"
-  vpc_id      = "${aws_vpc.default.id}"
+  vpc_id      = "${var.vpc_id}"
 
   # Allows inbound and outbound traffic from all instances in the VPC.
   ingress {
@@ -17,17 +21,22 @@ resource "aws_security_group" "default" {
     from_port   = "0"
     to_port     = "0"
     protocol    = "-1"
-    cidr_blocks = ["0.0.0.0/0"]
+    cidr_blocks = ["${var.source_cidr_block}"]
   }
 
   # Allows all outbound traffic.
   egress {
     from_port   = 0
     to_port     = 0
     protocol    = "-1"
-    cidr_blocks = ["0.0.0.0/0"]
+    cidr_blocks = ["${var.source_cidr_block}"]
   }
   tags {
     Name = "apollo-mesos-default-security-group"
   }
 }
+
+# output variables
+output "security_group_id" {
+  value = "${aws_security_group.default.id}"
+}

terraform/aws-public/variables.tf

@@ -1,14 +1,12 @@
 variable "access_key" {}
 variable "secret_key" {}
-variable "key_name" { default = "deployer"}
-variable "key_file" {}
+variable "public_key_file" { default = "~/.ssh/id_rsa_aws.pub" }
 variable "region" { default = "eu-west-1" }
-variable "availability_zones" { default = "" } # zones list separated by ,
+variable "availability_zones" { default = "eu-west-1a,eu-west-1b,eu-west-1c" }
 variable "coreos_channel" { default = "stable" }
 variable "etcd_discovery_url_file" { default = "etcd_discovery_url.txt" }
 variable "masters" { default = "3" }
 variable "master_instance_type" { default = "m3.medium" }
 variable "slaves" { default = "1" }
 variable "slave_instance_type" { default = "m3.medium" }
-variable "elb_name" { default = "apollo-elb" }
 variable "vpc_cidr_block" { default = "10.0.0.0/16" }

terraform/aws/aws-vpc.tf

@@ -17,7 +17,7 @@ resource "aws_key_pair" "deployer" {
 
 # Generate an etcd URL for the cluster
 resource "template_file" "etcd_discovery_url" {
-  filename = "/dev/null"
+  template = "/dev/null"
   provisioner "local-exec" {
     command = "curl https://discovery.etcd.io/new?size=${var.masters + var.slaves} > ${var.etcd_discovery_url_file}"
   }

terraform/aws/mesos-masters.tf

@@ -11,7 +11,7 @@ module "master_ami" {
 }
 
 resource "template_file" "master_cloud_init" {
-  filename   = "cloud-config.yml.tpl"
+  template   = "cloud-config.yml.tpl"
   depends_on = ["template_file.etcd_discovery_url"]
   vars {
     etcd_discovery_url = "${file(var.etcd_discovery_url_file)}"

terraform/aws/mesos-slaves.tf

@@ -11,7 +11,7 @@ module "slave_ami" {
 }
 
 resource "template_file" "slave_cloud_init" {
-  filename   = "cloud-config.yml.tpl"
+  template   = "cloud-config.yml.tpl"
   depends_on = ["template_file.etcd_discovery_url"]
   vars {
     etcd_discovery_url = "${file(var.etcd_discovery_url_file)}"