Merge pull request #603 from Capgemini/594-aws-public-terraform-coreos

#594 - add terraform scripts for AWS private VPC with coreOS
Capgemini · Jan 8, 2016 · 40755ee · 40755ee
2 parents c9964fc + 50dbf45
commit 40755ee
Show file tree

Hide file tree

Showing 45 changed files with 591 additions and 650 deletions.
diff --git a/.gitignore b/.gitignore
@@ -17,6 +17,7 @@ inventory/terraform.py
 tests/spec/*/*runtime_spec.rb
 contrib-plugins/*
 vault-security.yaml
-terraform/*/.terraform
+terraform/**/.terraform
 roles/coreos_bootstrap
 roles/coreos_timezone
+terraform/aws-public/etcd_discovery_url.txt
diff --git a/bootstrap/aws-public/config-default.sh b/bootstrap/aws-public/config-default.sh
diff --git a/bootstrap/aws/config-default.sh b/bootstrap/aws/config-default.sh
diff --git a/bootstrap/aws/private-cloud/config-default.sh b/bootstrap/aws/private-cloud/config-default.sh
@@ -0,0 +1,13 @@
+#!/bin/bash
+
+export TF_VAR_access_key=${TF_VAR_access_key:?"Need to set TF_VAR_access_key non-empty"}
+export TF_VAR_secret_key=${TF_VAR_secret_key:?"Need to set TF_VAR_secret_key non-empty"}
+
+# Overrides default folder in Terraform.py inventory.
+export TF_VAR_STATE_ROOT="${APOLLO_ROOT}/terraform/${APOLLO_PROVIDER}"
+
+export ANSIBLE_SSH_ARGS="-F ${APOLLO_ROOT}/terraform/${APOLLO_PROVIDER}/ssh.config -q"
+
+export TF_VAR_region=${TF_VAR_region:-eu-west-1}
+export APOLLO_consul_dc=${APOLLO_consul_dc:-$TF_VAR_region}
+export APOLLO_mesos_cluster_name=${APOLLO_mesos_cluster_name:-$TF_VAR_region}
diff --git a/bootstrap/aws/util.sh → bootstrap/aws/private-cloud/util.sh b/bootstrap/aws/util.sh → bootstrap/aws/private-cloud/util.sh
@@ -18,7 +18,7 @@ ansible_ssh_config() {
     export APOLLO_bastion_ip=$( terraform output bastion.ip )
 
     # Virtual private cloud CIDR IP.
-    ip=$( terraform output vpc_cidr_block.ip )
+    ip=$( terraform output -module=vpc vpc_cidr_block )
     export APOLLO_network_identifier=$( get_network_identifier "${ip}" )
 
     cat <<EOF > ssh.config
@@ -40,7 +40,7 @@ ansible_ssh_config() {
     ControlMaster          auto
     ControlPath            ~/.ssh/mux-%r@%h:%p
     ControlPersist         30m
-    User                   ubuntu
+    User                   core
     IdentityFile           $TF_VAR_private_key_file
     UserKnownHostsFile     /dev/null
 EOF

diff --git a/bootstrap/aws/public-cloud/config-default.sh b/bootstrap/aws/public-cloud/config-default.sh
@@ -0,0 +1,13 @@
+#!/bin/bash
+
+export TF_VAR_access_key=${TF_VAR_access_key:?"Need to set TF_VAR_access_key non-empty"}
+export TF_VAR_secret_key=${TF_VAR_secret_key:?"Need to set TF_VAR_secret_key non-empty"}
+
+# Overrides default folder in Terraform.py inventory.
+export TF_VAR_STATE_ROOT="${APOLLO_ROOT}/terraform/${APOLLO_PROVIDER}"
+
+export ANSIBLE_SSH_ARGS="-F ${APOLLO_ROOT}/terraform/${APOLLO_PROVIDER}/ssh.config -q"
+
+export TF_VAR_region=${TF_VAR_region:-eu-west-1}
+export APOLLO_consul_dc=${APOLLO_consul_dc:-$TF_VAR_region}
+export APOLLO_mesos_cluster_name=${APOLLO_mesos_cluster_name:-$TF_VAR_region}
diff --git a/bootstrap/aws-public/util.sh → bootstrap/aws/public-cloud/util.sh b/bootstrap/aws-public/util.sh → bootstrap/aws/public-cloud/util.sh
diff --git a/playbooks/coreos-bootstrap.yml b/playbooks/coreos-bootstrap.yml
@@ -1,12 +1,12 @@
 - name: bootstrap coreos hosts
-  hosts: all
+  hosts: all:!role=bastion
   gather_facts: False
   roles:
     - coreos_bootstrap
     - coreos_timezone
 
 - name: Install docker-py
-  hosts: all
+  hosts: all:!role=bastion
   gather_facts: False
   tasks:
     - pip:

diff --git a/site.yml b/site.yml
@@ -1,6 +1,6 @@
 ---
 - hosts: all:!role=bastion
-  gather_facts: no
+  gather_facts: False
   tasks:
     - name: Wait for ssh port to become available from bastion server.
       wait_for:

diff --git a/terraform/aws-public/elb.tf b/terraform/aws-public/elb.tf
diff --git a/terraform/aws-public/outputs.tf b/terraform/aws-public/outputs.tf
diff --git a/terraform/aws-public/provider.tf b/terraform/aws-public/provider.tf
diff --git a/terraform/aws-public/public-subnet.tf b/terraform/aws-public/public-subnet.tf
diff --git a/terraform/aws-public/security_groups.tf b/terraform/aws-public/security_groups.tf
diff --git a/terraform/aws-public/variables.tf b/terraform/aws-public/variables.tf
diff --git a/terraform/aws/aws-vpc.tf b/terraform/aws/aws-vpc.tf
diff --git a/terraform/aws/elb/main.tf b/terraform/aws/elb/main.tf
@@ -0,0 +1,45 @@
+variable "elb_name" { default = "apollo-elb" }
+variable "backend_port" { default = "80"}
+variable "backend_protocol" { default = "http" }
+variable "health_check_target" { default = "HTTP:8888/health" }
+variable "instances" {}
+variable "subnets" {}
+variable "security_groups" {}
+
+resource "aws_elb" "elb" {
+  name                      = "${var.elb_name}"
+  cross_zone_load_balancing = true
+  subnets                   = ["${split(\",\", var.subnets)}"]
+  security_groups           = ["${split(\",\",var.security_groups)}"]
+  instances                 = ["${split(\",\", var.instances)}"]
+
+  listener {
+    instance_port     = "${var.backend_port}"
+    instance_protocol = "${var.backend_protocol}"
+    lb_port           = 80
+    lb_protocol       = "http"
+  }
+
+  # Traefik health check
+  health_check {
+    healthy_threshold   = 2
+    unhealthy_threshold = 2
+    timeout             = 3
+    target              = "${var.health_check_target}"
+    interval            = 30
+  }
+
+  tags {
+    Name = "${var.elb_name}"
+  }
+}
+
+resource "aws_proxy_protocol_policy" "http" {
+  load_balancer = "${aws_elb.elb.name}"
+  instance_ports = ["80"]
+}
+
+# outputs
+output "elb_id" { value = "${aws_elb.elb.id}" }
+output "elb_name" { value = "${aws_elb.elb.name}" }
+output "elb_dns_name" { value = "${aws_elb.elb.dns_name}" }
diff --git a/terraform/aws/keypair/main.tf b/terraform/aws/keypair/main.tf
@@ -0,0 +1,14 @@
+# input variables
+variable "short_name" { default = "apollo" }
+variable "public_key_filename" { default = "~/.ssh/id_rsa_aws.pub" }
+
+# SSH keypair for the instances
+resource "aws_key_pair" "default" {
+  key_name   = "${var.short_name}"
+  public_key = "${file(var.public_key_filename)}"
+}
+
+# output variables
+output "keypair_name" {
+  value = "${aws_key_pair.default.key_name}"
+}