diff --git a/terraform/aws-public/elb.tf b/terraform/aws-public/elb.tf
deleted file mode 100644
index 164659c0..00000000
--- a/terraform/aws-public/elb.tf
+++ /dev/null
@@ -1,31 +0,0 @@
-resource "aws_elb" "web" {
- name = "${var.elb_name}"
-
- subnets = ["${aws_subnet.public.*.id}"]
-
- security_groups = ["${aws_security_group.default.id}"]
-
- listener {
- instance_port = 80
- instance_protocol = "http"
- lb_port = 80
- lb_protocol = "http"
- }
-
- # Traefik health check
- health_check {
- healthy_threshold = 2
- unhealthy_threshold = 2
- timeout = 3
- target = "HTTP:8888/health"
- interval = 30
- }
-
- instances = ["${aws_instance.mesos-slave.*.id}"]
- cross_zone_load_balancing = true
-}
-
-resource "aws_proxy_protocol_policy" "http" {
- load_balancer = "${aws_elb.web.name}"
- instance_ports = ["80"]
-}
diff --git a/terraform/aws-public/elb/main.tf b/terraform/aws-public/elb/main.tf
new file mode 100644
index 00000000..3776b4eb
--- /dev/null
+++ b/terraform/aws-public/elb/main.tf
@@ -0,0 +1,45 @@
+variable "elb_name" { default = "apollo-elb" }
+variable "backend_port" { default = "80"}
+variable "backend_protocol" { default = "http" }
+variable "health_check_target" { default = "HTTP:8888/health" }
+variable "instances" {}
+variable "subnets" {}
+variable "security_groups" {}
+
+resource "aws_elb" "elb" {
+ name = "${var.elb_name}"
+ cross_zone_load_balancing = true
+ subnets = ["${split(\",\", var.subnets)}"]
+ security_groups = ["${split(\",\",var.security_groups)}"]
+ instances = ["${split(\",\", var.instances)}"]
+
+ listener {
+ instance_port = "${var.backend_port}"
+ instance_protocol = "${var.backend_protocol}"
+ lb_port = 80
+ lb_protocol = "http"
+ }
+
+ # Traefik health check
+ health_check {
+ healthy_threshold = 2
+ unhealthy_threshold = 2
+ timeout = 3
+ target = "${var.health_check_target}"
+ interval = 30
+ }
+
+ tags {
+ Name = "${var.elb_name}"
+ }
+}
+
+resource "aws_proxy_protocol_policy" "http" {
+ load_balancer = "${aws_elb.elb.name}"
+ instance_ports = ["80"]
+}
+
+# outputs
+output "elb_id" { value = "${aws_elb.elb.id}" }
+output "elb_name" { value = "${aws_elb.elb.name}" }
+output "elb_dns_name" { value = "${aws_elb.elb.dns_name}" }
diff --git a/terraform/aws-public/etcd_discovery_url.txt b/terraform/aws-public/etcd_discovery_url.txt
index e69de29b..5eaac65a 100644
--- a/terraform/aws-public/etcd_discovery_url.txt
+++ b/terraform/aws-public/etcd_discovery_url.txt
@@ -0,0 +1 @@
+https://discovery.etcd.io/365f729dcd00529b8a181c72a4c66f6a
\ No newline at end of file
diff --git a/terraform/aws-public/keypair/main.tf b/terraform/aws-public/keypair/main.tf
new file mode 100644
index 00000000..d7199807
--- /dev/null
+++ b/terraform/aws-public/keypair/main.tf
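Review bot: `aws_proxy_protocol_policy.http` still hard-codes `instance_ports = ["80"]` although the listener now reads `instance_port = "${var.backend_port}"`, so any override of `backend_port` leaves the PROXY protocol policy attached to a port the listener no longer forwards to; use `instance_ports = ["${var.backend_port}"]`. The front-end side stays fixed at `lb_port = 80` / `lb_protocol = "http"` and `internal` is not set, so this internet-facing ELB terminates plaintext HTTP only; if TLS is intended it needs a second `https` listener with `ssl_certificate_id`, and otherwise a comment on the listener stating that plaintext is deliberate. Minor: `{ default = "80"}` lacks the space before `}` used by the neighbouring declarations.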
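Review bot: A live etcd discovery URL, including its per-cluster token, is committed in `etcd_discovery_url.txt`, while `main.tf` regenerates this very file through the `local-exec` `curl` whenever the cluster size changes, so it is derived output rather than source. Committing it publishes the cluster's discovery record to everyone with repository access and will make the file churn on every resize; add `terraform/aws-public/etcd_discovery_url.txt` to `.gitignore`, keep `etcd_discovery_url_file` pointing at that untracked path, and remove the committed value.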
@@ -0,0 +1,14 @@
+# input variables
+variable "short_name" { default = "apollo" }
+variable "public_key_filename" { default = "~/.ssh/id_rsa_aws.pub" }
+
+# SSH keypair for the instances
+resource "aws_key_pair" "default" {
+ key_name = "${var.short_name}"
+ public_key = "${file(var.public_key_filename)}"
+}
+
+# output variables
+output "keypair_name" {
+ value = "${aws_key_pair.default.key_name}"
+}
diff --git a/terraform/aws-public/main.tf b/terraform/aws-public/main.tf
new file mode 100644
index 00000000..8975e501
--- /dev/null
+++ b/terraform/aws-public/main.tf
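Review bot: `key_name = "${var.short_name}"` defaults to the fixed name `apollo`, and EC2 key pair names are unique per account and region, so a second deployment of this configuration in the same region fails at `aws_key_pair.default` with a duplicate-name error; either require `short_name` (drop the default) or add a per-stack suffix. The `public_key_filename` default also duplicates `public_key_file` in `variables.tf`, and `main.tf` always passes that through, so the module-level default is never used; keep a single source of truth and say so in the `# input variables` comment.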
@@ -0,0 +1,81 @@
+provider "aws" {
+ access_key = "${var.access_key}"
+ secret_key = "${var.secret_key}"
+ region = "${var.region}"
+}
+
+resource "aws_vpc" "default" {
+ cidr_block = "${var.vpc_cidr_block}"
+ enable_dns_support = true
+ enable_dns_hostnames = true
+ lifecycle {
+ create_before_destroy = true
+ }
+}
+
+# ssh keypair for instances
+module "aws-keypair" {
+ source = "./keypair"
+
+ public_key_filename = "${var.public_key_file}"
+}
+
+# internet gateway
+module "igw" {
+ source = "github.com/terraform-community-modules/tf_aws_igw"
+
+ name = "public"
+ vpc_id = "${aws_vpc.default.id}"
+}
+
+# public subnets
+module "public_subnet" {
+ source = "github.com/terraform-community-modules/tf_aws_public_subnet"
+
+ name = "public"
+ cidrs = "10.0.1.0/24,10.0.2.0/24,10.0.3.0/24"
+ azs = "${var.availability_zones}"
+ vpc_id = "${aws_vpc.default.id}"
+ igw_id = "${module.igw.igw_id}"
+}
+
+# security group to allow all traffic in and out of the instances
+module "sg-default" {
+ source = "./sg-all-traffic"
+
+ vpc_id = "${aws_vpc.default.id}"
+}
+
+module "elb" {
+ source = "./elb"
+
+ security_groups = "${module.sg-default.security_group_id}"
+ instances = "${join(\",\", aws_instance.mesos-slave.*.id)}"
+ subnets = "${module.public_subnet.subnet_ids}"
+}
+
+# Generate an etcd URL for the cluster
+resource "template_file" "etcd_discovery_url" {
+ template = "/dev/null"
+ provisioner "local-exec" {
+ command = "curl https://discovery.etcd.io/new?size=${var.masters + var.slaves} > ${var.etcd_discovery_url_file}"
+ }
+ # This will regenerate the discovery URL if the cluster size changes
+ vars {
+ size = "${var.masters + var.slaves}"
+ }
+}
+
+# outputs
+output "master.1.ip" {
+ value = "${aws_instance.mesos-master.0.public_ip}"
+}
+output "master_ips" {
+ value = "${join(",", aws_instance.mesos-master.*.public_ip)}"
+}
+output "slave_ips" {
+ value = "${join(",", aws_instance.mesos-slave.*.public_ip)}"
+}
+output "elb.hostname" {
+ value = "${module.elb.elb_dns_name}"
+}
diff --git a/terraform/aws-public/mesos-masters.tf b/terraform/aws-public/mesos-masters.tf
index 8d2f3cea..4c4540dd 100644
--- a/terraform/aws-public/mesos-masters.tf
+++ b/terraform/aws-public/mesos-masters.tf
@@ -11,7 +11,7 @@ module "master_ami" {
 }
 resource "template_file" "master_cloud_init" {
- filename = "cloud-config.yml.tpl"
+ template = "cloud-config.yml.tpl"
 depends_on = ["template_file.etcd_discovery_url"]
 vars {
 etcd_discovery_url = "${file(var.etcd_discovery_url_file)}"
@@ -23,10 +23,10 @@ resource "aws_instance" "mesos-master" {
 instance_type = "${var.master_instance_type}"
 ami = "${module.master_ami.ami_id}"
 count = "${var.masters}"
- key_name = "${aws_key_pair.deployer.key_name}"
- subnet_id = "${element(aws_subnet.public.*.id, count.index)}"
+ key_name = "${module.aws-keypair.keypair_name}"
+ subnet_id = "${element(split(",", module.public_subnet.subnet_ids), count.index)}"
 source_dest_check = false
- security_groups = ["${aws_security_group.default.id}"]
+ security_groups = ["${module.sg-default.security_group_id}"]
 user_data = "${template_file.master_cloud_init.rendered}"
 tags = {
 Name = "apollo-mesos-master-${count.index}"
diff --git a/terraform/aws-public/mesos-slaves.tf b/terraform/aws-public/mesos-slaves.tf
index 3468213d..41294b84 100644
--- a/terraform/aws-public/mesos-slaves.tf
+++ b/terraform/aws-public/mesos-slaves.tf
@@ -11,7 +11,7 @@ module "slave_ami" {
 }
 resource "template_file" "slave_cloud_init" {
- filename = "cloud-config.yml.tpl"
+ template = "cloud-config.yml.tpl"
 depends_on = ["template_file.etcd_discovery_url"]
 vars {
 etcd_discovery_url = "${file(var.etcd_discovery_url_file)}"
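Review bot: `module "sg-default"` is called with only `vpc_id`, so the module's `source_cidr_block` default of `0.0.0.0/0` applies and every master and slave, all launched into the public subnets, accepts every protocol and port from the whole internet; whatever the masters run (etcd and Mesos, going by the cloud-init and resource names) is then reachable with no network restriction at all. Pass an explicit `source_cidr_block = "<ADMIN_CIDR placeholder>"` (or a top-level variable for it) here and let only the ELB's own group face the internet, and reword the `# security group to allow all traffic in and out of the instances` comment once it no longer does. Separately, `cidrs = "10.0.1.0/24,10.0.2.0/24,10.0.3.0/24"` is hard-coded while `availability_zones` and `vpc_cidr_block` are variables, so changing the zone count or the VPC range breaks the subnet module silently; expose the list as a variable next to those two and document that the three must agree.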
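Review bot: `security_groups = ["${module.sg-default.security_group_id}"]` passes a group ID into `aws_instance.security_groups`, which the AWS provider documents as a list of group names for EC2-Classic; for an instance launched with `subnet_id` the VPC form is `vpc_security_group_ids = ["${module.sg-default.security_group_id}"]`, and mixing the two tends to produce spurious diffs or forced replacement on later plans. The pattern predates this refactor, but the line is being rewritten anyway, so this is the moment to switch; the same applies to the `mesos-slaves.tf` hunk at `@@ -23,10 +23,10 @@`. Also, `split(",", …)` here uses bare quotes inside the interpolation while `elb/main.tf` in this same commit writes `split(\",\", …)`; pick one form across the tree.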
@@ -23,10 +23,10 @@ resource "aws_instance" "mesos-slave" {
 instance_type = "${var.slave_instance_type}"
 ami = "${module.slave_ami.ami_id}"
 count = "${var.slaves}"
- key_name = "${aws_key_pair.deployer.key_name}"
- subnet_id = "${element(aws_subnet.public.*.id, count.index)}"
+ key_name = "${module.aws-keypair.keypair_name}"
+ subnet_id = "${element(split(",", module.public_subnet.subnet_ids), count.index)}"
 source_dest_check = false
- security_groups = ["${aws_security_group.default.id}"]
+ security_groups = ["${module.sg-default.security_group_id}"]
 depends_on = ["aws_instance.mesos-master"]
 user_data = "${template_file.slave_cloud_init.rendered}"
 tags = {
diff --git a/terraform/aws-public/outputs.tf b/terraform/aws-public/outputs.tf
deleted file mode 100644
index f2768e16..00000000
--- a/terraform/aws-public/outputs.tf
+++ /dev/null
@@ -1,12 +0,0 @@
-output "master.1.ip" {
- value = "${aws_instance.mesos-master.0.public_ip}"
-}
-output "master_ips" {
- value = "${join(",", aws_instance.mesos-master.*.public_ip)}"
-}
-output "slave_ips" {
- value = "${join(",", aws_instance.mesos-slave.*.public_ip)}"
-}
-output "elb.hostname" {
- value = "${aws_elb.web.dns_name}"
-}
diff --git a/terraform/aws-public/provider.tf b/terraform/aws-public/provider.tf
deleted file mode 100644
index 92059c40..00000000
--- a/terraform/aws-public/provider.tf
+++ /dev/null
@@ -1,29 +0,0 @@
-provider "aws" {
- access_key = "${var.access_key}"
- secret_key = "${var.secret_key}"
- region = "${var.region}"
-}
-
-resource "aws_vpc" "default" {
- cidr_block = "${var.vpc_cidr_block}"
- enable_dns_support = true
- enable_dns_hostnames = true
-}
-
-# SSH keypair for the instances
-resource "aws_key_pair" "deployer" {
- key_name = "${var.key_name}"
- public_key = "${file(var.key_file)}"
-}
-
-# Generate an etcd URL for the cluster
-resource "template_file" "etcd_discovery_url" {
- filename = "/dev/null"
- provisioner "local-exec" {
- command = "curl https://discovery.etcd.io/new?size=${var.masters + var.slaves} > ${var.etcd_discovery_url_file}"
- }
- # This will regenerate the discovery URL if the cluster size changes
- vars {
- size = "${var.masters + var.slaves}"
- }
-}
diff --git a/terraform/aws-public/public-subnet.tf b/terraform/aws-public/public-subnet.tf
deleted file mode 100644
index 8164bd1c..00000000
--- a/terraform/aws-public/public-subnet.tf
+++ /dev/null
@@ -1,40 +0,0 @@
-# Internet gateway for the public subnet
-resource "aws_internet_gateway" "public" {
- vpc_id = "${aws_vpc.default.id}"
-}
-
-# Public subnet
-resource "aws_subnet" "public" {
- vpc_id = "${aws_vpc.default.id}"
- count = "${length(split(",", var.availability_zones))}"
- availability_zone = "${element(split(",", var.availability_zones), count.index)}"
- cidr_block = "10.0.${count.index}.0/24"
- map_public_ip_on_launch = true
- depends_on = ["aws_internet_gateway.public"]
- tags {
- Name = "public"
- }
-}
-
-# Routing table for public subnet
-resource "aws_route_table" "public" {
- vpc_id = "${aws_vpc.default.id}"
- route {
- cidr_block = "0.0.0.0/0"
- gateway_id = "${aws_internet_gateway.public.id}"
- }
- tags {
- Name = "main"
- }
-}
-
-resource "aws_main_route_table_association" "public" {
- vpc_id = "${aws_vpc.default.id}"
- route_table_id = "${aws_route_table.public.id}"
-}
-
-# Associate the routing table to public subnet
-resource "aws_route_table_association" "public" {
- subnet_id = "${element(aws_subnet.public.*.id, count.index)}"
- route_table_id = "${aws_route_table.public.id}"
-}
diff --git a/terraform/aws-public/security_groups.tf b/terraform/aws-public/sg-all-traffic/main.tf
similarity index 55%
rename from terraform/aws-public/security_groups.tf
rename to terraform/aws-public/sg-all-traffic/main.tf
index 5a17e017..5f98ee2e 100644
--- a/terraform/aws-public/security_groups.tf
+++ b/terraform/aws-public/sg-all-traffic/main.tf
@@ -1,8 +1,12 @@
-# Default security group
+variable "security_group_name" { default = "default-apollo-mesos" }
+variable "vpc_id" {}
+variable "source_cidr_block" { default = "0.0.0.0/0" }
+
+# Security group that allows all traffic everywhere
 resource "aws_security_group" "default" {
- name = "default-apollo-mesos"
+ name = "${var.security_group_name}"
 description = "Default security group that allows all traffic"
- vpc_id = "${aws_vpc.default.id}"
+ vpc_id = "${var.vpc_id}"
 # Allows inbound and outbound traffic from all instances in the VPC.
 ingress {
@@ -17,7 +21,7 @@ resource "aws_security_group" "default" {
 from_port = "0"
 to_port = "0"
 protocol = "-1"
- cidr_blocks = ["0.0.0.0/0"]
+ cidr_blocks = ["${var.source_cidr_block}"]
 }
 # Allows all outbound traffic.
@@ -25,9 +29,14 @@ resource "aws_security_group" "default" {
 from_port = 0
 to_port = 0
 protocol = "-1"
- cidr_blocks = ["0.0.0.0/0"]
+ cidr_blocks = ["${var.source_cidr_block}"]
 }
 tags {
 Name = "apollo-mesos-default-security-group"
 }
 }
+
+# output variables
+output "security_group_id" {
+ value = "${aws_security_group.default.id}"
+}
diff --git a/terraform/aws-public/variables.tf b/terraform/aws-public/variables.tf
index 56ab70ca..16c57ee5 100644
--- a/terraform/aws-public/variables.tf
+++ b/terraform/aws-public/variables.tf
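Review bot: The new `source_cidr_block` variable feeds both the ingress rule in the `@@ -17,7 +21,7 @@` hunk and the egress rule in the `@@ -25,9 +29,14 @@` hunk, so a caller that narrows ingress to an administrative range also cuts the instances' outbound access to `0.0.0.0/0` (package and image pulls, the etcd discovery service that `main.tf` itself depends on), and the name `source_cidr_block` is misleading on a destination rule. Split it into an `ingress_cidr_block` with no wide-open default, or at least a documented one, and keep egress at `["0.0.0.0/0"]` under its own variable; with `protocol = "-1"` and ports `0`–`0` that single ingress rule is the entire network perimeter of every node this module is attached to. Once it is no longer all-traffic, the module name `sg-all-traffic` and the `# Security group that allows all traffic everywhere` comment should follow.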
@@ -1,14 +1,12 @@
 variable "access_key" {}
 variable "secret_key" {}
-variable "key_name" { default = "deployer"}
-variable "key_file" {}
+variable "public_key_file" { default = "~/.ssh/id_rsa_aws.pub" }
 variable "region" { default = "eu-west-1" }
-variable "availability_zones" { default = "" } # zones list separated by ,
+variable "availability_zones" { default = "eu-west-1a,eu-west-1b,eu-west-1c" }
 variable "coreos_channel" { default = "stable" }
 variable "etcd_discovery_url_file" { default = "etcd_discovery_url.txt" }
 variable "masters" { default = "3" }
 variable "master_instance_type" { default = "m3.medium" }
 variable "slaves" { default = "1" }
 variable "slave_instance_type" { default = "m3.medium" }
-variable "elb_name" { default = "apollo-elb" }
 variable "vpc_cidr_block" { default = "10.0.0.0/16" }
diff --git a/terraform/aws/aws-vpc.tf b/terraform/aws/aws-vpc.tf
index 389eaa33..9c00e500 100644
--- a/terraform/aws/aws-vpc.tf
+++ b/terraform/aws/aws-vpc.tf
@@ -17,7 +17,7 @@ resource "aws_key_pair" "deployer" {
 # Generate an etcd URL for the cluster
 resource "template_file" "etcd_discovery_url" {
- filename = "/dev/null"
+ template = "/dev/null"
 provisioner "local-exec" {
 command = "curl https://discovery.etcd.io/new?size=${var.masters + var.slaves} > ${var.etcd_discovery_url_file}"
 }
diff --git a/terraform/aws/mesos-masters.tf b/terraform/aws/mesos-masters.tf
index 2e25e5cc..5591e084 100644
--- a/terraform/aws/mesos-masters.tf
+++ b/terraform/aws/mesos-masters.tf
@@ -11,7 +11,7 @@ module "master_ami" {
 }
 resource "template_file" "master_cloud_init" {
- filename = "cloud-config.yml.tpl"
+ template = "cloud-config.yml.tpl"
 depends_on = ["template_file.etcd_discovery_url"]
 vars {
 etcd_discovery_url = "${file(var.etcd_discovery_url_file)}"
diff --git a/terraform/aws/mesos-slaves.tf b/terraform/aws/mesos-slaves.tf
index cdeba684..22477133 100644
--- a/terraform/aws/mesos-slaves.tf
+++ b/terraform/aws/mesos-slaves.tf
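Review bot: The new `availability_zones` default `eu-west-1a,eu-west-1b,eu-west-1c` is silently coupled to the `region` default `eu-west-1`: overriding `region` alone yields zone names that do not exist there and an opaque API error, whereas the previous empty default at least forced the operator to set the zones. Add a comment on both lines, e.g. `# availability_zones must belong to region; override the two together`, and note that the three-zone count is also assumed by the hard-coded subnet `cidrs` in `main.tf`. `access_key` / `secret_key` as plain variables push credentials into `terraform.tfvars` or the command line; the AWS provider also reads `AWS_ACCESS_KEY_ID` / `AWS_SECRET_ACCESS_KEY` from the environment, so documenting that route next to these two declarations would keep secrets out of files that are easy to commit by accident.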
@@ -11,7 +11,7 @@ module "slave_ami" {
 }
 resource "template_file" "slave_cloud_init" {
- filename = "cloud-config.yml.tpl"
+ template = "cloud-config.yml.tpl"
 depends_on = ["template_file.etcd_discovery_url"]
 vars {
 etcd_discovery_url = "${file(var.etcd_discovery_url_file)}"