Terraform module to set up a Chef Server in standalone mode. Nothing spectacular here, just a very simple implementation. Once this is up and running, I recommend you use Chef to configure your Chef Server to suit your needs.
- Requires:
  - AWS (duh!)
  - AWS subnet id
  - AWS VPC id
  - SSL certificate/key for created instance
  - Terraform >= 0.7.4
- Uses a public IP and public DNS
- Creates default security group as follows:
  - 22/tcp: SSH
  - 443/tcp: HTTPS
  - 80/tcp: HTTP
  - 10000-10003: Chef Push Jobs
- Understand Terraform and ability to read the source
In your terraform plan:

```hcl
module "module_name_here" {
  source = "github.com/mengesb/tf_chef_server"
  aws = {
    access_key = "AWS_ACCESS_KEY_ID"
    secret_key = "AWS_SECRET_ACCESS_KEY"
  }
  aws_network = {
    subnet = "AWS_SUBNET_ID"
    vpc    = "AWS_VPC_ID"
  }
  chef_license = "true"
  chef_ssl = {
    cert = "SSL_CERTIFICATE"
    key  = "SSL_CERTIFICATE_KEY"
  }
  instance_key = {
    file = "AWS_INSTANCE_SSH_KEY_FILE"
    name = "AWS_INSTANCE_KEY_NAME"
  }
}
```
- Clone this repo: `git clone https://github.com/mengesb/tf_chef_server.git`
- Make a local terraform.tfvars file: `cp terraform.tfvars.example terraform.tfvars`
- Edit `terraform.tfvars` with your editor of choice, ensuring `accept_license` is set to `true`
- Test the plan: `terraform plan`
- Apply the plan: `terraform apply`
All supported OSes are 64-bit and HVM (though PV should be supported)
- Ubuntu 12.04 LTS
- Ubuntu 14.04 LTS (Default)
- Ubuntu 16.04 LTS (pending)
- CentOS 7 (pending)
- Others (here be dragons! Please see Map Variables)
These resources will incur charges on your AWS bill. It is your responsibility to delete the resources.
- `aws`: AWS accessibility settings
  - `access_key`: Your AWS key, usually referred to as `AWS_ACCESS_KEY_ID`
  - `secret_key`: Your secret for your AWS key, usually referred to as `AWS_SECRET_ACCESS_KEY`
- `aws_region`: AWS region you want to deploy to. Default: `us-west-1`
- `aws_network`: AWS networking settings
  - `subnet`: The AWS id of the subnet to use. Example: `subnet-ffffffff`
  - `vpc`: The AWS id of the VPC to use. Example: `vpc-ffffffff`
- `instance`: AWS EC2 instance host settings
  - `domain`: Domain name of the host. Default: `localdomain`
  - `hostname`: Hostname of the host. Default: `localhost`
- `instance_flavor`: The AWS instance type. Default: `c3.xlarge`
- `instance_key`: AWS EC2 instance key settings
  - `file`: The full path to the private key matching the uploaded public key
  - `name`: The public key pair name on AWS to use
- `instance_public`: Associate public IP to the instance. Default `true` (REQUIRED)
- `instance_tag_desc`: Text field tag 'Description'
- `instance_volume`: AWS EC2 instance root volume settings
  - `delete`: Delete root device on VM termination. Default: `true`
  - `size`: Size of the root volume in GB. Default: `20`
  - `type`: Type of root volume. Supports `gp2` and `standard`. Default: `gp2`
- `allowed_cidrs`: The comma separated list of addresses in CIDR format to allow SSH access. Default: `0.0.0.0/0`
- `chef_addons`: Comma separated list of addons to install. Default: `manage,push-jobs-server,reporting`
- `chef_license`: Chef MLSA license agreement. Default: `false`; change to `true` to indicate agreement
- `chef_log`: Log chef provisioner to file. Default: `true`
- `chef_org`: Chef organization settings
  - `short`: Chef organization to create. Default: `chef`
  - `long`: Chef organization long name. Default: `Chef Organization`
- `chef_ssl`: Chef server SSL settings
  - `cert`: SSL certificate in PEM format
  - `key`: SSL certificate key
- `chef_user`: Chef user settings
  - `email`: Chef Server user's e-mail address. Default: [email protected]
  - `first`: Chef Server user's first name. Default: `Admin`
  - `last`: Chef Server user's last name. Default: `User`
  - `username`: First Chef Server user. Default: `admin`
- `chef_versions`: Chef software versions
  - `client`: Chef client version. Default: `12.15.19`
  - `server`: Chef server version. Default: `12.9.1`
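
The documented default for `allowed_cidrs` is `0.0.0.0/0`, so a `terraform.tfvars` that leaves it unset allows SSH from any address. The pre-apply check below is an added example, not part of the tf_chef_server repository; the function names, the /16 review threshold and the sample file contents are assumptions made for illustration.

```python
import ipaddress
import re

MODULE_DEFAULT = "0.0.0.0/0"  # default documented in this README
MIN_PREFIX = 16               # assumption: IPv4 ranges wider than /16 need review


def allowed_cidrs_from_tfvars(text):
    """Return the allowed_cidrs string, or the module default when it is unset."""
    m = re.search(r'^\s*allowed_cidrs\s*=\s*"([^"]*)"', text, re.MULTILINE)
    return m.group(1) if m else MODULE_DEFAULT


def audit_allowed_cidrs(value, min_prefix=MIN_PREFIX):
    """Return (entry, severity, message) findings for a comma separated CIDR list."""
    findings = []
    for entry in (e.strip() for e in value.split(",")):
        if not entry:
            findings.append((entry, "error", "empty entry (stray comma)"))
            continue
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            findings.append((entry, "error", "not a valid CIDR block"))
            continue
        if "/" not in entry:
            findings.append((entry, "error", "missing prefix length"))
        elif net.prefixlen == 0:
            findings.append((entry, "high", "SSH reachable from any address"))
        elif net.version == 4 and net.prefixlen < min_prefix:
            findings.append((entry, "medium", "range wider than /%d" % min_prefix))
        elif str(net) != entry:
            findings.append((entry, "warn", "not canonical, use %s" % net))
    return findings


# Constructed sample terraform.tfvars contents (not taken from the repository).
SAMPLE_UNSET = 'chef_license = "true"\n'
SAMPLE_SCOPED = 'allowed_cidrs = "203.0.113.0/24,198.51.100.7/32"\n'

if __name__ == "__main__":
    for name, text in (("unset", SAMPLE_UNSET), ("scoped", SAMPLE_SCOPED)):
        value = allowed_cidrs_from_tfvars(text)
        print(name, value, audit_allowed_cidrs(value))
```
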

The below mapping variables construct selection criteria:

- `ami_map`: AMI selection map comprised of `ami_os` and `aws_region`
- `ami_usermap`: Default username selection map based off `ami_os`

The `ami_map` is a combination of `ami_os` and `aws_region` which declares the AMI selected. To override this pre-declared AMI, define

```
ami_map.<ami_os>-<aws_region> = "value"
```

Variable `ami_os` should be one of the following:
- centos7
- ubuntu12
- ubuntu14 (default)
- ubuntu16

Variable `aws_region` should be one of the following:
- us-east-1
- us-west-2
- us-west-1 (default)
- eu-central-1
- eu-west-1
- ap-southeast-1
- ap-southeast-2
- ap-northeast-1
- ap-northeast-2
- sa-east-1
- Custom (must be an AWS region, requires setting `ami_map` and setting AMI value)

Map `ami_usermap` uses `ami_os` to look up the default username for interacting with the instance. To override this pre-declared user, define

```
ami_usermap.<ami_os> = "value"
```

- `chef_server_url`: The created chef server's URL
- `credentials`: Formatted text output with details about the Chef Server (sensitive)
- `fqdn`: The fully qualified domain name of the server
- `knife_rb`: Chef knife.rb file for user generated
- `organization`: The short form name of the organization created on the Chef Server
- `password`: Password for the created chef user (sensitive)
- `public_ip`: The public IP address of the instance
- `private_ip`: The private IP address of the instance
- `secret_file`: The encrypted data bag secret file
- `security_group_id`: The AWS security group id for this instance
- `user_key`: The created user's private key for chef access
- `username`: The created user's username

You can view a runtime output sample here: tf_chef_server-runtime.txt
Please understand that this is a work in progress and is subject to change rapidly. Be sure to keep up to date with the repo should you fork, and feel free to contact me regarding development and suggested direction. Familiarize yourself with the contributing guidelines before making/submitting changes.
Please refer to the CHANGELOG.md
This is licensed under the Apache 2.0 license.