commit
0ed7140c88
@ -8,77 +8,79 @@ resource "aws_elb" "web-elb" {
|
||||||
|
|
||||||
# The same availability zone as our instances
|
# The same availability zone as our instances
|
||||||
availability_zones = ["${split(",", var.availability_zones)}"]
|
availability_zones = ["${split(",", var.availability_zones)}"]
|
||||||
|
|
||||||
listener {
|
listener {
|
||||||
instance_port = 80
|
instance_port = 80
|
||||||
instance_protocol = "http"
|
instance_protocol = "http"
|
||||||
lb_port = 80
|
lb_port = 80
|
||||||
lb_protocol = "http"
|
lb_protocol = "http"
|
||||||
}
|
}
|
||||||
|
|
||||||
health_check {
|
health_check {
|
||||||
healthy_threshold = 2
|
healthy_threshold = 2
|
||||||
unhealthy_threshold = 2
|
unhealthy_threshold = 2
|
||||||
timeout = 3
|
timeout = 3
|
||||||
target = "HTTP:80/"
|
target = "HTTP:80/"
|
||||||
interval = 30
|
interval = 30
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "aws_autoscaling_group" "web-asg" {
|
resource "aws_autoscaling_group" "web-asg" {
|
||||||
availability_zones = ["${split(",", var.availability_zones)}"]
|
availability_zones = ["${split(",", var.availability_zones)}"]
|
||||||
name = "terraform-example-asg"
|
name = "terraform-example-asg"
|
||||||
max_size = "${var.asg_max}"
|
max_size = "${var.asg_max}"
|
||||||
min_size = "${var.asg_min}"
|
min_size = "${var.asg_min}"
|
||||||
desired_capacity = "${var.asg_desired}"
|
desired_capacity = "${var.asg_desired}"
|
||||||
force_delete = true
|
force_delete = true
|
||||||
launch_configuration = "${aws_launch_configuration.web-lc.name}"
|
launch_configuration = "${aws_launch_configuration.web-lc.name}"
|
||||||
load_balancers = ["${aws_elb.web-elb.name}"]
|
load_balancers = ["${aws_elb.web-elb.name}"]
|
||||||
|
|
||||||
#vpc_zone_identifier = ["${split(",", var.availability_zones)}"]
|
#vpc_zone_identifier = ["${split(",", var.availability_zones)}"]
|
||||||
tag {
|
tag {
|
||||||
key = "Name"
|
key = "Name"
|
||||||
value = "web-asg"
|
value = "web-asg"
|
||||||
propagate_at_launch = "true"
|
propagate_at_launch = "true"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "aws_launch_configuration" "web-lc" {
|
resource "aws_launch_configuration" "web-lc" {
|
||||||
name = "terraform-example-lc"
|
name = "terraform-example-lc"
|
||||||
image_id = "${lookup(var.aws_amis, var.aws_region)}"
|
image_id = "${lookup(var.aws_amis, var.aws_region)}"
|
||||||
instance_type = "${var.instance_type}"
|
instance_type = "${var.instance_type}"
|
||||||
|
|
||||||
# Security group
|
# Security group
|
||||||
security_groups = ["${aws_security_group.default.id}"]
|
security_groups = ["${aws_security_group.default.id}"]
|
||||||
user_data = "${file("userdata.sh")}"
|
user_data = "${file("userdata.sh")}"
|
||||||
key_name = "${var.key_name}"
|
key_name = "${var.key_name}"
|
||||||
}
|
}
|
||||||
|
|
||||||
# Our default security group to access
|
# Our default security group to access
|
||||||
# the instances over SSH and HTTP
|
# the instances over SSH and HTTP
|
||||||
resource "aws_security_group" "default" {
|
resource "aws_security_group" "default" {
|
||||||
name = "terraform_example_sg"
|
name = "terraform_example_sg"
|
||||||
description = "Used in the terraform"
|
description = "Used in the terraform"
|
||||||
|
|
||||||
# SSH access from anywhere
|
# SSH access from anywhere
|
||||||
ingress {
|
ingress {
|
||||||
from_port = 22
|
from_port = 22
|
||||||
to_port = 22
|
to_port = 22
|
||||||
protocol = "tcp"
|
protocol = "tcp"
|
||||||
cidr_blocks = ["0.0.0.0/0"]
|
cidr_blocks = ["0.0.0.0/0"]
|
||||||
}
|
}
|
||||||
|
|
||||||
# HTTP access from anywhere
|
# HTTP access from anywhere
|
||||||
ingress {
|
ingress {
|
||||||
from_port = 80
|
from_port = 80
|
||||||
to_port = 80
|
to_port = 80
|
||||||
protocol = "tcp"
|
protocol = "tcp"
|
||||||
cidr_blocks = ["0.0.0.0/0"]
|
cidr_blocks = ["0.0.0.0/0"]
|
||||||
}
|
}
|
||||||
|
|
||||||
# outbound internet access
|
# outbound internet access
|
||||||
egress {
|
egress {
|
||||||
from_port = 0
|
from_port = 0
|
||||||
to_port = 0
|
to_port = 0
|
||||||
protocol = "-1"
|
protocol = "-1"
|
||||||
cidr_blocks = ["0.0.0.0/0"]
|
cidr_blocks = ["0.0.0.0/0"]
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -1,12 +1,15 @@
|
||||||
output "security_group" {
|
output "security_group" {
|
||||||
value = "${aws_security_group.default.id}"
|
value = "${aws_security_group.default.id}"
|
||||||
}
|
}
|
||||||
|
|
||||||
output "launch_configuration" {
|
output "launch_configuration" {
|
||||||
value = "${aws_launch_configuration.web-lc.id}"
|
value = "${aws_launch_configuration.web-lc.id}"
|
||||||
}
|
}
|
||||||
|
|
||||||
output "asg_name" {
|
output "asg_name" {
|
||||||
value = "${aws_autoscaling_group.web-asg.id}"
|
value = "${aws_autoscaling_group.web-asg.id}"
|
||||||
}
|
}
|
||||||
|
|
||||||
output "elb_name" {
|
output "elb_name" {
|
||||||
value = "${aws_elb.web-elb.dns_name}"
|
value = "${aws_elb.web-elb.dns_name}"
|
||||||
}
|
}
|
||||||
@ -1,6 +1,6 @@
|
||||||
variable "aws_region" {
|
variable "aws_region" {
|
||||||
description = "The AWS region to create things in."
|
description = "The AWS region to create things in."
|
||||||
default = "us-east-1"
|
default = "us-east-1"
|
||||||
}
|
}
|
||||||
|
|
||||||
# ubuntu-trusty-14.04 (x64)
|
# ubuntu-trusty-14.04 (x64)
|
||||||
|
@ -12,7 +12,7 @@ variable "aws_amis" {
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "availability_zones" {
|
variable "availability_zones" {
|
||||||
default = "us-east-1b,us-east-1c,us-east-1d,us-east-1e"
|
default = "us-east-1b,us-east-1c,us-east-1d,us-east-1e"
|
||||||
description = "List of availability zones, use AWS CLI to find your "
|
description = "List of availability zones, use AWS CLI to find your "
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -21,22 +21,21 @@ variable "key_name" {
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "instance_type" {
|
variable "instance_type" {
|
||||||
default = "t2.micro"
|
default = "t2.micro"
|
||||||
description = "AWS instance type"
|
description = "AWS instance type"
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "asg_min" {
|
variable "asg_min" {
|
||||||
description = "Min numbers of servers in ASG"
|
description = "Min numbers of servers in ASG"
|
||||||
default = "1"
|
default = "1"
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "asg_max" {
|
variable "asg_max" {
|
||||||
description = "Max numbers of servers in ASG"
|
description = "Max numbers of servers in ASG"
|
||||||
default = "2"
|
default = "2"
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "asg_desired" {
|
variable "asg_desired" {
|
||||||
description = "Desired numbers of servers in ASG"
|
description = "Desired numbers of servers in ASG"
|
||||||
default = "1"
|
default = "1"
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -4,6 +4,7 @@ provider "aws" {
|
||||||
|
|
||||||
resource "aws_cloudwatch_event_rule" "foo" {
|
resource "aws_cloudwatch_event_rule" "foo" {
|
||||||
name = "${var.rule_name}"
|
name = "${var.rule_name}"
|
||||||
|
|
||||||
event_pattern = <<PATTERN
|
event_pattern = <<PATTERN
|
||||||
{
|
{
|
||||||
"detail-type": [
|
"detail-type": [
|
||||||
|
@ -16,12 +17,14 @@ resource "aws_cloudwatch_event_rule" "foo" {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
PATTERN
|
PATTERN
|
||||||
|
|
||||||
role_arn = "${aws_iam_role.role.arn}"
|
role_arn = "${aws_iam_role.role.arn}"
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "aws_iam_role" "role" {
|
resource "aws_iam_role" "role" {
|
||||||
name = "${var.iam_role_name}"
|
name = "${var.iam_role_name}"
|
||||||
assume_role_policy = <<POLICY
|
|
||||||
|
assume_role_policy = <<POLICY
|
||||||
{
|
{
|
||||||
"Version": "2012-10-17",
|
"Version": "2012-10-17",
|
||||||
"Statement": [
|
"Statement": [
|
||||||
|
@ -41,6 +44,7 @@ POLICY
|
||||||
resource "aws_iam_role_policy" "policy" {
|
resource "aws_iam_role_policy" "policy" {
|
||||||
name = "tf-example-policy"
|
name = "tf-example-policy"
|
||||||
role = "${aws_iam_role.role.id}"
|
role = "${aws_iam_role.role.id}"
|
||||||
|
|
||||||
policy = <<POLICY
|
policy = <<POLICY
|
||||||
{
|
{
|
||||||
"Version": "2012-10-17",
|
"Version": "2012-10-17",
|
||||||
|
@ -61,12 +65,12 @@ POLICY
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "aws_cloudwatch_event_target" "foobar" {
|
resource "aws_cloudwatch_event_target" "foobar" {
|
||||||
rule = "${aws_cloudwatch_event_rule.foo.name}"
|
rule = "${aws_cloudwatch_event_rule.foo.name}"
|
||||||
target_id = "${var.target_name}"
|
target_id = "${var.target_name}"
|
||||||
arn = "${aws_kinesis_stream.foo.arn}"
|
arn = "${aws_kinesis_stream.foo.arn}"
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "aws_kinesis_stream" "foo" {
|
resource "aws_kinesis_stream" "foo" {
|
||||||
name = "${var.stream_name}"
|
name = "${var.stream_name}"
|
||||||
shard_count = 1
|
shard_count = 1
|
||||||
}
|
}
|
||||||
@ -1,24 +1,24 @@
|
||||||
variable "aws_region" {
|
variable "aws_region" {
|
||||||
description = "The AWS region to create resources in."
|
description = "The AWS region to create resources in."
|
||||||
default = "us-east-1"
|
default = "us-east-1"
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "rule_name" {
|
variable "rule_name" {
|
||||||
description = "The name of the CloudWatch Event Rule"
|
description = "The name of the CloudWatch Event Rule"
|
||||||
default = "tf-example-cloudwatch-event-rule-for-kinesis"
|
default = "tf-example-cloudwatch-event-rule-for-kinesis"
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "iam_role_name" {
|
variable "iam_role_name" {
|
||||||
description = "The name of the IAM Role"
|
description = "The name of the IAM Role"
|
||||||
default = "tf-example-iam-role-for-kinesis"
|
default = "tf-example-iam-role-for-kinesis"
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "target_name" {
|
variable "target_name" {
|
||||||
description = "The name of the CloudWatch Event Target"
|
description = "The name of the CloudWatch Event Target"
|
||||||
default = "tf-example-cloudwatch-event-target-for-kinesis"
|
default = "tf-example-cloudwatch-event-target-for-kinesis"
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "stream_name" {
|
variable "stream_name" {
|
||||||
description = "The name of the Kinesis Stream to send events to"
|
description = "The name of the Kinesis Stream to send events to"
|
||||||
default = "tf-example-kinesis-stream"
|
default = "tf-example-kinesis-stream"
|
||||||
}
|
}
|
||||||
@ -4,6 +4,7 @@ provider "aws" {
|
||||||
|
|
||||||
resource "aws_cloudwatch_event_rule" "foo" {
|
resource "aws_cloudwatch_event_rule" "foo" {
|
||||||
name = "${var.rule_name}"
|
name = "${var.rule_name}"
|
||||||
|
|
||||||
event_pattern = <<PATTERN
|
event_pattern = <<PATTERN
|
||||||
{
|
{
|
||||||
"detail-type": [
|
"detail-type": [
|
||||||
|
@ -19,9 +20,9 @@ PATTERN
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "aws_cloudwatch_event_target" "bar" {
|
resource "aws_cloudwatch_event_target" "bar" {
|
||||||
rule = "${aws_cloudwatch_event_rule.foo.name}"
|
rule = "${aws_cloudwatch_event_rule.foo.name}"
|
||||||
target_id = "${var.target_name}"
|
target_id = "${var.target_name}"
|
||||||
arn = "${aws_sns_topic.foo.arn}"
|
arn = "${aws_sns_topic.foo.arn}"
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "aws_sns_topic" "foo" {
|
resource "aws_sns_topic" "foo" {
|
||||||
@ -1,19 +1,19 @@
|
||||||
variable "aws_region" {
|
variable "aws_region" {
|
||||||
description = "The AWS region to create resources in."
|
description = "The AWS region to create resources in."
|
||||||
default = "us-east-1"
|
default = "us-east-1"
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "rule_name" {
|
variable "rule_name" {
|
||||||
description = "The name of the CloudWatch Event Rule"
|
description = "The name of the CloudWatch Event Rule"
|
||||||
default = "tf-example-cloudwatch-event-rule-for-sns"
|
default = "tf-example-cloudwatch-event-rule-for-sns"
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "target_name" {
|
variable "target_name" {
|
||||||
description = "The name of the CloudWatch Event Target"
|
description = "The name of the CloudWatch Event Target"
|
||||||
default = "tf-example-cloudwatch-event-target-for-sns"
|
default = "tf-example-cloudwatch-event-target-for-sns"
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "sns_topic_name" {
|
variable "sns_topic_name" {
|
||||||
description = "The name of the SNS Topic to send events to"
|
description = "The name of the SNS Topic to send events to"
|
||||||
default = "tf-example-sns-topic"
|
default = "tf-example-sns-topic"
|
||||||
}
|
}
|
||||||
@ -10,20 +10,19 @@ resource "aws_elb" "web" {
|
||||||
availability_zones = ["${aws_instance.web.*.availability_zone}"]
|
availability_zones = ["${aws_instance.web.*.availability_zone}"]
|
||||||
|
|
||||||
listener {
|
listener {
|
||||||
instance_port = 80
|
instance_port = 80
|
||||||
instance_protocol = "http"
|
instance_protocol = "http"
|
||||||
lb_port = 80
|
lb_port = 80
|
||||||
lb_protocol = "http"
|
lb_protocol = "http"
|
||||||
}
|
}
|
||||||
|
|
||||||
# The instances are registered automatically
|
# The instances are registered automatically
|
||||||
instances = ["${aws_instance.web.*.id}"]
|
instances = ["${aws_instance.web.*.id}"]
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
resource "aws_instance" "web" {
|
resource "aws_instance" "web" {
|
||||||
instance_type = "m1.small"
|
instance_type = "m1.small"
|
||||||
ami = "${lookup(var.aws_amis, var.aws_region)}"
|
ami = "${lookup(var.aws_amis, var.aws_region)}"
|
||||||
|
|
||||||
# This will create 4 instances
|
# This will create 4 instances
|
||||||
count = 4
|
count = 4
|
||||||
@ -1,6 +1,6 @@
|
||||||
variable "aws_region" {
|
variable "aws_region" {
|
||||||
description = "The AWS region to create things in."
|
description = "The AWS region to create things in."
|
||||||
default = "us-west-2"
|
default = "us-west-2"
|
||||||
}
|
}
|
||||||
|
|
||||||
# Ubuntu Precise 12.04 LTS (x64)
|
# Ubuntu Precise 12.04 LTS (x64)
|
||||||
@ -14,10 +14,10 @@ resource "aws_vpc" "main" {
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "aws_subnet" "main" {
|
resource "aws_subnet" "main" {
|
||||||
count = "${var.az_count}"
|
count = "${var.az_count}"
|
||||||
cidr_block = "${cidrsubnet(aws_vpc.main.cidr_block, 8, count.index)}"
|
cidr_block = "${cidrsubnet(aws_vpc.main.cidr_block, 8, count.index)}"
|
||||||
availability_zone = "${data.aws_availability_zones.available.names[count.index]}"
|
availability_zone = "${data.aws_availability_zones.available.names[count.index]}"
|
||||||
vpc_id = "${aws_vpc.main.id}"
|
vpc_id = "${aws_vpc.main.id}"
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "aws_internet_gateway" "gw" {
|
resource "aws_internet_gateway" "gw" {
|
||||||
|
@ -26,67 +26,75 @@ resource "aws_internet_gateway" "gw" {
|
||||||
|
|
||||||
resource "aws_route_table" "r" {
|
resource "aws_route_table" "r" {
|
||||||
vpc_id = "${aws_vpc.main.id}"
|
vpc_id = "${aws_vpc.main.id}"
|
||||||
|
|
||||||
route {
|
route {
|
||||||
cidr_block = "0.0.0.0/0"
|
cidr_block = "0.0.0.0/0"
|
||||||
gateway_id = "${aws_internet_gateway.gw.id}"
|
gateway_id = "${aws_internet_gateway.gw.id}"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "aws_route_table_association" "a" {
|
resource "aws_route_table_association" "a" {
|
||||||
count = "${var.az_count}"
|
count = "${var.az_count}"
|
||||||
subnet_id = "${element(aws_subnet.main.*.id, count.index)}"
|
subnet_id = "${element(aws_subnet.main.*.id, count.index)}"
|
||||||
route_table_id = "${aws_route_table.r.id}"
|
route_table_id = "${aws_route_table.r.id}"
|
||||||
}
|
}
|
||||||
|
|
||||||
### Compute
|
### Compute
|
||||||
|
|
||||||
resource "aws_autoscaling_group" "app" {
|
resource "aws_autoscaling_group" "app" {
|
||||||
name = "tf-test-asg"
|
name = "tf-test-asg"
|
||||||
vpc_zone_identifier = ["${aws_subnet.main.*.id}"]
|
vpc_zone_identifier = ["${aws_subnet.main.*.id}"]
|
||||||
min_size = "${var.asg_min}"
|
min_size = "${var.asg_min}"
|
||||||
max_size = "${var.asg_max}"
|
max_size = "${var.asg_max}"
|
||||||
desired_capacity = "${var.asg_desired}"
|
desired_capacity = "${var.asg_desired}"
|
||||||
launch_configuration = "${aws_launch_configuration.app.name}"
|
launch_configuration = "${aws_launch_configuration.app.name}"
|
||||||
}
|
}
|
||||||
|
|
||||||
data "template_file" "cloud_config" {
|
data "template_file" "cloud_config" {
|
||||||
template = "${file("${path.module}/cloud-config.yml")}"
|
template = "${file("${path.module}/cloud-config.yml")}"
|
||||||
|
|
||||||
vars {
|
vars {
|
||||||
aws_region = "${var.aws_region}"
|
aws_region = "${var.aws_region}"
|
||||||
ecs_cluster_name = "${aws_ecs_cluster.main.name}"
|
ecs_cluster_name = "${aws_ecs_cluster.main.name}"
|
||||||
ecs_log_level = "info"
|
ecs_log_level = "info"
|
||||||
ecs_agent_version = "latest"
|
ecs_agent_version = "latest"
|
||||||
ecs_log_group_name = "${aws_cloudwatch_log_group.ecs.name}"
|
ecs_log_group_name = "${aws_cloudwatch_log_group.ecs.name}"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
data "aws_ami" "stable_coreos" {
|
data "aws_ami" "stable_coreos" {
|
||||||
most_recent = true
|
most_recent = true
|
||||||
|
|
||||||
filter {
|
filter {
|
||||||
name = "description"
|
name = "description"
|
||||||
values = ["CoreOS stable *"]
|
values = ["CoreOS stable *"]
|
||||||
}
|
}
|
||||||
|
|
||||||
filter {
|
filter {
|
||||||
name = "architecture"
|
name = "architecture"
|
||||||
values = ["x86_64"]
|
values = ["x86_64"]
|
||||||
}
|
}
|
||||||
|
|
||||||
filter {
|
filter {
|
||||||
name = "virtualization-type"
|
name = "virtualization-type"
|
||||||
values = ["hvm"]
|
values = ["hvm"]
|
||||||
}
|
}
|
||||||
|
|
||||||
owners = ["595879546273"] # CoreOS
|
owners = ["595879546273"] # CoreOS
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "aws_launch_configuration" "app" {
|
resource "aws_launch_configuration" "app" {
|
||||||
security_groups = [
|
security_groups = [
|
||||||
"${aws_security_group.instance_sg.id}"
|
"${aws_security_group.instance_sg.id}",
|
||||||
]
|
]
|
||||||
key_name = "${var.key_name}"
|
|
||||||
image_id = "${data.aws_ami.stable_coreos.id}"
|
key_name = "${var.key_name}"
|
||||||
instance_type = "${var.instance_type}"
|
image_id = "${data.aws_ami.stable_coreos.id}"
|
||||||
iam_instance_profile = "${aws_iam_instance_profile.app.name}"
|
instance_type = "${var.instance_type}"
|
||||||
user_data = "${data.template_file.cloud_config.rendered}"
|
iam_instance_profile = "${aws_iam_instance_profile.app.name}"
|
||||||
|
user_data = "${data.template_file.cloud_config.rendered}"
|
||||||
associate_public_ip_address = true
|
associate_public_ip_address = true
|
||||||
|
|
||||||
lifecycle {
|
lifecycle {
|
||||||
create_before_destroy = true
|
create_before_destroy = true
|
||||||
}
|
}
|
||||||
|
@ -98,55 +106,59 @@ resource "aws_security_group" "lb_sg" {
|
||||||
description = "controls access to the application ELB"
|
description = "controls access to the application ELB"
|
||||||
|
|
||||||
vpc_id = "${aws_vpc.main.id}"
|
vpc_id = "${aws_vpc.main.id}"
|
||||||
name = "tf-ecs-lbsg"
|
name = "tf-ecs-lbsg"
|
||||||
|
|
||||||
ingress {
|
ingress {
|
||||||
protocol = "tcp"
|
protocol = "tcp"
|
||||||
from_port = 80
|
from_port = 80
|
||||||
to_port = 80
|
to_port = 80
|
||||||
cidr_blocks = ["0.0.0.0/0"]
|
cidr_blocks = ["0.0.0.0/0"]
|
||||||
}
|
}
|
||||||
|
|
||||||
egress {
|
egress {
|
||||||
from_port = 0
|
from_port = 0
|
||||||
to_port = 0
|
to_port = 0
|
||||||
protocol = "-1"
|
protocol = "-1"
|
||||||
|
|
||||||
cidr_blocks = [
|
cidr_blocks = [
|
||||||
"0.0.0.0/0"
|
"0.0.0.0/0",
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "aws_security_group" "instance_sg" {
|
resource "aws_security_group" "instance_sg" {
|
||||||
description = "controls direct access to application instances"
|
description = "controls direct access to application instances"
|
||||||
vpc_id = "${aws_vpc.main.id}"
|
vpc_id = "${aws_vpc.main.id}"
|
||||||
name = "tf-ecs-instsg"
|
name = "tf-ecs-instsg"
|
||||||
|
|
||||||
ingress {
|
ingress {
|
||||||
protocol = "tcp"
|
protocol = "tcp"
|
||||||
from_port = 22
|
from_port = 22
|
||||||
to_port = 22
|
to_port = 22
|
||||||
|
|
||||||
cidr_blocks = [
|
cidr_blocks = [
|
||||||
"${var.admin_cidr_ingress}"
|
"${var.admin_cidr_ingress}",
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
||||||
ingress {
|
ingress {
|
||||||
protocol = "tcp"
|
protocol = "tcp"
|
||||||
from_port = 8080
|
from_port = 8080
|
||||||
to_port = 8080
|
to_port = 8080
|
||||||
|
|
||||||
security_groups = [
|
security_groups = [
|
||||||
"${aws_security_group.lb_sg.id}"
|
"${aws_security_group.lb_sg.id}",
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
||||||
egress {
|
egress {
|
||||||
from_port = 0
|
from_port = 0
|
||||||
to_port = 0
|
to_port = 0
|
||||||
protocol = "-1"
|
protocol = "-1"
|
||||||
cidr_blocks = ["0.0.0.0/0"]
|
cidr_blocks = ["0.0.0.0/0"]
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
## ECS
|
## ECS
|
||||||
|
|
||||||
resource "aws_ecs_cluster" "main" {
|
resource "aws_ecs_cluster" "main" {
|
||||||
|
@ -155,43 +167,44 @@ resource "aws_ecs_cluster" "main" {
|
||||||
|
|
||||||
data "template_file" "task_definition" {
|
data "template_file" "task_definition" {
|
||||||
template = "${file("${path.module}/task-definition.json")}"
|
template = "${file("${path.module}/task-definition.json")}"
|
||||||
|
|
||||||
vars {
|
vars {
|
||||||
image_url = "ghost:latest"
|
image_url = "ghost:latest"
|
||||||
container_name = "ghost"
|
container_name = "ghost"
|
||||||
log_group_region = "${var.aws_region}"
|
log_group_region = "${var.aws_region}"
|
||||||
log_group_name = "${aws_cloudwatch_log_group.app.name}"
|
log_group_name = "${aws_cloudwatch_log_group.app.name}"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "aws_ecs_task_definition" "ghost" {
|
resource "aws_ecs_task_definition" "ghost" {
|
||||||
family = "tf_example_ghost_td"
|
family = "tf_example_ghost_td"
|
||||||
container_definitions = "${data.template_file.task_definition.rendered}"
|
container_definitions = "${data.template_file.task_definition.rendered}"
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "aws_ecs_service" "test" {
|
resource "aws_ecs_service" "test" {
|
||||||
name = "tf-example-ecs-ghost"
|
name = "tf-example-ecs-ghost"
|
||||||
cluster = "${aws_ecs_cluster.main.id}"
|
cluster = "${aws_ecs_cluster.main.id}"
|
||||||
task_definition = "${aws_ecs_task_definition.ghost.arn}"
|
task_definition = "${aws_ecs_task_definition.ghost.arn}"
|
||||||
desired_count = 1
|
desired_count = 1
|
||||||
iam_role = "${aws_iam_role.ecs_service.name}"
|
iam_role = "${aws_iam_role.ecs_service.name}"
|
||||||
|
|
||||||
load_balancer {
|
load_balancer {
|
||||||
target_group_arn = "${aws_alb_target_group.test.id}"
|
target_group_arn = "${aws_alb_target_group.test.id}"
|
||||||
container_name = "ghost"
|
container_name = "ghost"
|
||||||
container_port = "2368"
|
container_port = "2368"
|
||||||
}
|
}
|
||||||
|
|
||||||
depends_on = [
|
depends_on = [
|
||||||
"aws_iam_role_policy.ecs_service",
|
"aws_iam_role_policy.ecs_service",
|
||||||
"aws_alb_listener.front_end"
|
"aws_alb_listener.front_end",
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
## IAM
|
## IAM
|
||||||
|
|
||||||
resource "aws_iam_role" "ecs_service" {
|
resource "aws_iam_role" "ecs_service" {
|
||||||
name = "tf_example_ecs_role"
|
name = "tf_example_ecs_role"
|
||||||
|
|
||||||
assume_role_policy = <<EOF
|
assume_role_policy = <<EOF
|
||||||
{
|
{
|
||||||
"Version": "2008-10-17",
|
"Version": "2008-10-17",
|
||||||
|
@ -212,6 +225,7 @@ EOF
|
||||||
resource "aws_iam_role_policy" "ecs_service" {
|
resource "aws_iam_role_policy" "ecs_service" {
|
||||||
name = "tf_example_ecs_policy"
|
name = "tf_example_ecs_policy"
|
||||||
role = "${aws_iam_role.ecs_service.name}"
|
role = "${aws_iam_role.ecs_service.name}"
|
||||||
|
|
||||||
policy = <<EOF
|
policy = <<EOF
|
||||||
{
|
{
|
||||||
"Version": "2012-10-17",
|
"Version": "2012-10-17",
|
||||||
|
@ -234,12 +248,13 @@ EOF
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "aws_iam_instance_profile" "app" {
|
resource "aws_iam_instance_profile" "app" {
|
||||||
name = "tf-ecs-instprofile"
|
name = "tf-ecs-instprofile"
|
||||||
roles = ["${aws_iam_role.app_instance.name}"]
|
roles = ["${aws_iam_role.app_instance.name}"]
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "aws_iam_role" "app_instance" {
|
resource "aws_iam_role" "app_instance" {
|
||||||
name = "tf-ecs-example-instance-role"
|
name = "tf-ecs-example-instance-role"
|
||||||
|
|
||||||
assume_role_policy = <<EOF
|
assume_role_policy = <<EOF
|
||||||
{
|
{
|
||||||
"Version": "2012-10-17",
|
"Version": "2012-10-17",
|
||||||
|
@ -259,6 +274,7 @@ EOF
|
||||||
|
|
||||||
data "template_file" "instance_profile" {
|
data "template_file" "instance_profile" {
|
||||||
template = "${file("${path.module}/instance-profile-policy.json")}"
|
template = "${file("${path.module}/instance-profile-policy.json")}"
|
||||||
|
|
||||||
vars {
|
vars {
|
||||||
app_log_group_arn = "${aws_cloudwatch_log_group.app.arn}"
|
app_log_group_arn = "${aws_cloudwatch_log_group.app.arn}"
|
||||||
ecs_log_group_arn = "${aws_cloudwatch_log_group.ecs.arn}"
|
ecs_log_group_arn = "${aws_cloudwatch_log_group.ecs.arn}"
|
||||||
|
@ -266,18 +282,18 @@ data "template_file" "instance_profile" {
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "aws_iam_role_policy" "instance" {
|
resource "aws_iam_role_policy" "instance" {
|
||||||
name = "TfEcsExampleInstanceRole"
|
name = "TfEcsExampleInstanceRole"
|
||||||
role = "${aws_iam_role.app_instance.name}"
|
role = "${aws_iam_role.app_instance.name}"
|
||||||
policy = "${data.template_file.instance_profile.rendered}"
|
policy = "${data.template_file.instance_profile.rendered}"
|
||||||
}
|
}
|
||||||
|
|
||||||
## ALB
|
## ALB
|
||||||
|
|
||||||
resource "aws_alb_target_group" "test" {
|
resource "aws_alb_target_group" "test" {
|
||||||
name = "tf-example-ecs-ghost"
|
name = "tf-example-ecs-ghost"
|
||||||
port = 80
|
port = 80
|
||||||
protocol = "HTTP"
|
protocol = "HTTP"
|
||||||
vpc_id = "${aws_vpc.main.id}"
|
vpc_id = "${aws_vpc.main.id}"
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "aws_alb" "main" {
|
resource "aws_alb" "main" {
|
||||||
|
@ -288,12 +304,12 @@ resource "aws_alb" "main" {
|
||||||
|
|
||||||
resource "aws_alb_listener" "front_end" {
|
resource "aws_alb_listener" "front_end" {
|
||||||
load_balancer_arn = "${aws_alb.main.id}"
|
load_balancer_arn = "${aws_alb.main.id}"
|
||||||
port = "80"
|
port = "80"
|
||||||
protocol = "HTTP"
|
protocol = "HTTP"
|
||||||
|
|
||||||
default_action {
|
default_action {
|
||||||
target_group_arn = "${aws_alb_target_group.test.id}"
|
target_group_arn = "${aws_alb_target_group.test.id}"
|
||||||
type = "forward"
|
type = "forward"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -1,11 +1,11 @@
|
||||||
variable "aws_region" {
|
variable "aws_region" {
|
||||||
description = "The AWS region to create things in."
|
description = "The AWS region to create things in."
|
||||||
default = "us-west-2"
|
default = "us-west-2"
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "az_count" {
|
variable "az_count" {
|
||||||
description = "Number of AZs to cover in a given AWS region"
|
description = "Number of AZs to cover in a given AWS region"
|
||||||
default = "2"
|
default = "2"
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "key_name" {
|
variable "key_name" {
|
||||||
|
@ -13,23 +13,23 @@ variable "key_name" {
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "instance_type" {
|
variable "instance_type" {
|
||||||
default = "t2.small"
|
default = "t2.small"
|
||||||
description = "AWS instance type"
|
description = "AWS instance type"
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "asg_min" {
|
variable "asg_min" {
|
||||||
description = "Min numbers of servers in ASG"
|
description = "Min numbers of servers in ASG"
|
||||||
default = "1"
|
default = "1"
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "asg_max" {
|
variable "asg_max" {
|
||||||
description = "Max numbers of servers in ASG"
|
description = "Max numbers of servers in ASG"
|
||||||
default = "2"
|
default = "2"
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "asg_desired" {
|
variable "asg_desired" {
|
||||||
description = "Desired numbers of servers in ASG"
|
description = "Desired numbers of servers in ASG"
|
||||||
default = "1"
|
default = "1"
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "admin_cidr_ingress" {
|
variable "admin_cidr_ingress" {
|
||||||
@ -5,41 +5,40 @@ provider "aws" {
|
||||||
|
|
||||||
resource "aws_eip" "default" {
|
resource "aws_eip" "default" {
|
||||||
instance = "${aws_instance.web.id}"
|
instance = "${aws_instance.web.id}"
|
||||||
vpc = true
|
vpc = true
|
||||||
}
|
}
|
||||||
|
|
||||||
# Our default security group to access
|
# Our default security group to access
|
||||||
# the instances over SSH and HTTP
|
# the instances over SSH and HTTP
|
||||||
resource "aws_security_group" "default" {
|
resource "aws_security_group" "default" {
|
||||||
name = "eip_example"
|
name = "eip_example"
|
||||||
description = "Used in the terraform"
|
description = "Used in the terraform"
|
||||||
|
|
||||||
# SSH access from anywhere
|
# SSH access from anywhere
|
||||||
ingress {
|
ingress {
|
||||||
from_port = 22
|
from_port = 22
|
||||||
to_port = 22
|
to_port = 22
|
||||||
protocol = "tcp"
|
protocol = "tcp"
|
||||||
cidr_blocks = ["0.0.0.0/0"]
|
cidr_blocks = ["0.0.0.0/0"]
|
||||||
}
|
}
|
||||||
|
|
||||||
# HTTP access from anywhere
|
# HTTP access from anywhere
|
||||||
ingress {
|
ingress {
|
||||||
from_port = 80
|
from_port = 80
|
||||||
to_port = 80
|
to_port = 80
|
||||||
protocol = "tcp"
|
protocol = "tcp"
|
||||||
cidr_blocks = ["0.0.0.0/0"]
|
cidr_blocks = ["0.0.0.0/0"]
|
||||||
}
|
}
|
||||||
|
|
||||||
# outbound internet access
|
# outbound internet access
|
||||||
egress {
|
egress {
|
||||||
from_port = 0
|
from_port = 0
|
||||||
to_port = 0
|
to_port = 0
|
||||||
protocol = "-1"
|
protocol = "-1"
|
||||||
cidr_blocks = ["0.0.0.0/0"]
|
cidr_blocks = ["0.0.0.0/0"]
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
resource "aws_instance" "web" {
|
resource "aws_instance" "web" {
|
||||||
instance_type = "t2.micro"
|
instance_type = "t2.micro"
|
||||||
|
|
||||||
|
@ -61,6 +60,7 @@ resource "aws_instance" "web" {
|
||||||
# In this case, we just install nginx and start it. By default,
|
# In this case, we just install nginx and start it. By default,
|
||||||
# this should be on port 80
|
# this should be on port 80
|
||||||
user_data = "${file("userdata.sh")}"
|
user_data = "${file("userdata.sh")}"
|
||||||
|
|
||||||
#Instance tags
|
#Instance tags
|
||||||
tags {
|
tags {
|
||||||
Name = "eip-example"
|
Name = "eip-example"
|
||||||
@ -1,6 +1,7 @@
|
||||||
output "address" {
|
output "address" {
|
||||||
value = "${aws_instance.web.private_ip}"
|
value = "${aws_instance.web.private_ip}"
|
||||||
}
|
}
|
||||||
|
|
||||||
output "elastic ip" {
|
output "elastic ip" {
|
||||||
value = "${aws_eip.default.public_ip}"
|
value = "${aws_eip.default.public_ip}"
|
||||||
}
|
}
|
||||||
@ -1,6 +1,6 @@
|
||||||
variable "aws_region" {
|
variable "aws_region" {
|
||||||
description = "The AWS region to create things in."
|
description = "The AWS region to create things in."
|
||||||
default = "us-east-1"
|
default = "us-east-1"
|
||||||
}
|
}
|
||||||
|
|
||||||
# ubuntu-trusty-14.04 (x64)
|
# ubuntu-trusty-14.04 (x64)
|
||||||
|
@ -14,4 +14,3 @@ variable "aws_amis" {
|
||||||
variable "key_name" {
|
variable "key_name" {
|
||||||
description = "Name of the SSH keypair to use in AWS."
|
description = "Name of the SSH keypair to use in AWS."
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -6,30 +6,30 @@ provider "aws" {
|
||||||
# Our default security group to access
|
# Our default security group to access
|
||||||
# the instances over SSH and HTTP
|
# the instances over SSH and HTTP
|
||||||
resource "aws_security_group" "default" {
|
resource "aws_security_group" "default" {
|
||||||
name = "instance_sg"
|
name = "instance_sg"
|
||||||
description = "Used in the terraform"
|
description = "Used in the terraform"
|
||||||
|
|
||||||
# SSH access from anywhere
|
# SSH access from anywhere
|
||||||
ingress {
|
ingress {
|
||||||
from_port = 22
|
from_port = 22
|
||||||
to_port = 22
|
to_port = 22
|
||||||
protocol = "tcp"
|
protocol = "tcp"
|
||||||
cidr_blocks = ["0.0.0.0/0"]
|
cidr_blocks = ["0.0.0.0/0"]
|
||||||
}
|
}
|
||||||
|
|
||||||
# HTTP access from anywhere
|
# HTTP access from anywhere
|
||||||
ingress {
|
ingress {
|
||||||
from_port = 80
|
from_port = 80
|
||||||
to_port = 80
|
to_port = 80
|
||||||
protocol = "tcp"
|
protocol = "tcp"
|
||||||
cidr_blocks = ["0.0.0.0/0"]
|
cidr_blocks = ["0.0.0.0/0"]
|
||||||
}
|
}
|
||||||
|
|
||||||
# outbound internet access
|
# outbound internet access
|
||||||
egress {
|
egress {
|
||||||
from_port = 0
|
from_port = 0
|
||||||
to_port = 0
|
to_port = 0
|
||||||
protocol = "-1"
|
protocol = "-1"
|
||||||
cidr_blocks = ["0.0.0.0/0"]
|
cidr_blocks = ["0.0.0.0/0"]
|
||||||
}
|
}
|
||||||
}
|
}
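Review bot: The `instance_sg` group still admits SSH from the entire internet — the port-22 ingress block uses `cidr_blocks = ["0.0.0.0/0"]` — and this commit only reflows it. Even in an example, make the source range an input so a copy-paste does not ship an open admin port: `cidr_blocks = ["${var.admin_cidr}"]` with a variable that has no default. The port-80 rule has the same shape; since an ELB with its own `elb_sg` fronts this instance, port 80 can instead be limited to traffic from that group with `security_groups = ["${aws_security_group.elb.id}"]` (no `vpc_id` is set here, so confirm whether the account needs the group name rather than the id for that reference).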
|
||||||
|
@ -37,22 +37,22 @@ resource "aws_security_group" "default" {
|
||||||
# Our elb security group to access
|
# Our elb security group to access
|
||||||
# the ELB over HTTP
|
# the ELB over HTTP
|
||||||
resource "aws_security_group" "elb" {
|
resource "aws_security_group" "elb" {
|
||||||
name = "elb_sg"
|
name = "elb_sg"
|
||||||
description = "Used in the terraform"
|
description = "Used in the terraform"
|
||||||
|
|
||||||
# HTTP access from anywhere
|
# HTTP access from anywhere
|
||||||
ingress {
|
ingress {
|
||||||
from_port = 80
|
from_port = 80
|
||||||
to_port = 80
|
to_port = 80
|
||||||
protocol = "tcp"
|
protocol = "tcp"
|
||||||
cidr_blocks = ["0.0.0.0/0"]
|
cidr_blocks = ["0.0.0.0/0"]
|
||||||
}
|
}
|
||||||
|
|
||||||
# outbound internet access
|
# outbound internet access
|
||||||
egress {
|
egress {
|
||||||
from_port = 0
|
from_port = 0
|
||||||
to_port = 0
|
to_port = 0
|
||||||
protocol = "-1"
|
protocol = "-1"
|
||||||
cidr_blocks = ["0.0.0.0/0"]
|
cidr_blocks = ["0.0.0.0/0"]
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -62,41 +62,40 @@ resource "aws_elb" "web" {
|
||||||
|
|
||||||
# The same availability zone as our instance
|
# The same availability zone as our instance
|
||||||
availability_zones = ["${aws_instance.web.availability_zone}"]
|
availability_zones = ["${aws_instance.web.availability_zone}"]
|
||||||
security_groups = ["${aws_security_group.elb.id}"]
|
security_groups = ["${aws_security_group.elb.id}"]
|
||||||
|
|
||||||
listener {
|
listener {
|
||||||
instance_port = 80
|
instance_port = 80
|
||||||
instance_protocol = "http"
|
instance_protocol = "http"
|
||||||
lb_port = 80
|
lb_port = 80
|
||||||
lb_protocol = "http"
|
lb_protocol = "http"
|
||||||
}
|
}
|
||||||
|
|
||||||
health_check {
|
health_check {
|
||||||
healthy_threshold = 2
|
healthy_threshold = 2
|
||||||
unhealthy_threshold = 2
|
unhealthy_threshold = 2
|
||||||
timeout = 3
|
timeout = 3
|
||||||
target = "HTTP:80/"
|
target = "HTTP:80/"
|
||||||
interval = 30
|
interval = 30
|
||||||
}
|
}
|
||||||
|
|
||||||
# The instance is registered automatically
|
# The instance is registered automatically
|
||||||
instances = ["${aws_instance.web.id}"]
|
instances = ["${aws_instance.web.id}"]
|
||||||
|
|
||||||
cross_zone_load_balancing = true
|
cross_zone_load_balancing = true
|
||||||
idle_timeout = 400
|
idle_timeout = 400
|
||||||
connection_draining = true
|
connection_draining = true
|
||||||
connection_draining_timeout = 400
|
connection_draining_timeout = 400
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "aws_lb_cookie_stickiness_policy" "default" {
|
resource "aws_lb_cookie_stickiness_policy" "default" {
|
||||||
name = "lbpolicy"
|
name = "lbpolicy"
|
||||||
load_balancer = "${aws_elb.web.id}"
|
load_balancer = "${aws_elb.web.id}"
|
||||||
lb_port = 80
|
lb_port = 80
|
||||||
cookie_expiration_period = 600
|
cookie_expiration_period = 600
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "aws_instance" "web" {
|
resource "aws_instance" "web" {
|
||||||
|
|
||||||
instance_type = "t2.micro"
|
instance_type = "t2.micro"
|
||||||
|
|
||||||
# Lookup the correct AMI based on the region
|
# Lookup the correct AMI based on the region
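Review bot: The listener in `aws_elb.web` speaks plain HTTP on both sides (`lb_protocol = "http"`, `instance_protocol = "http"`), so the cookie issued by the `lbpolicy` stickiness policy and everything the application returns cross the internet unencrypted. If this is meant as more than a throwaway demo, add a second listener with `lb_port = 443`, `lb_protocol = "https"` and an `ssl_certificate_id`, and point the stickiness policy's `lb_port` at it. `idle_timeout = 400` and `connection_draining_timeout = 400` are also far above the 60-second default for an nginx front end; a one-line comment saying why they were raised would help the next reader. `aws_instance.web` continues past the end of this hunk.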
|
||||||
|
@ -114,8 +113,9 @@ resource "aws_instance" "web" {
|
||||||
security_groups = ["${aws_security_group.default.name}"]
|
security_groups = ["${aws_security_group.default.name}"]
|
||||||
|
|
||||||
user_data = "${file("userdata.sh")}"
|
user_data = "${file("userdata.sh")}"
|
||||||
|
|
||||||
#Instance tags
|
#Instance tags
|
||||||
tags {
|
tags {
|
||||||
Name = "elb-example"
|
Name = "elb-example"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -4,7 +4,7 @@ variable "key_name" {
|
||||||
|
|
||||||
variable "aws_region" {
|
variable "aws_region" {
|
||||||
description = "AWS region to launch servers."
|
description = "AWS region to launch servers."
|
||||||
default = "us-east-1"
|
default = "us-east-1"
|
||||||
}
|
}
|
||||||
|
|
||||||
# ubuntu-trusty-14.04 (x64)
|
# ubuntu-trusty-14.04 (x64)
|
||||||
|
@ -14,4 +14,3 @@ variable "aws_amis" {
|
||||||
"us-west-2" = "ami-7f675e4f"
|
"us-west-2" = "ami-7f675e4f"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -1,19 +1,19 @@
|
||||||
resource "aws_db_instance" "default" {
|
resource "aws_db_instance" "default" {
|
||||||
depends_on = ["aws_security_group.default"]
|
depends_on = ["aws_security_group.default"]
|
||||||
identifier = "${var.identifier}"
|
identifier = "${var.identifier}"
|
||||||
allocated_storage = "${var.storage}"
|
allocated_storage = "${var.storage}"
|
||||||
engine = "${var.engine}"
|
engine = "${var.engine}"
|
||||||
engine_version = "${lookup(var.engine_version, var.engine)}"
|
engine_version = "${lookup(var.engine_version, var.engine)}"
|
||||||
instance_class = "${var.instance_class}"
|
instance_class = "${var.instance_class}"
|
||||||
name = "${var.db_name}"
|
name = "${var.db_name}"
|
||||||
username = "${var.username}"
|
username = "${var.username}"
|
||||||
password = "${var.password}"
|
password = "${var.password}"
|
||||||
vpc_security_group_ids = ["${aws_security_group.default.id}"]
|
vpc_security_group_ids = ["${aws_security_group.default.id}"]
|
||||||
db_subnet_group_name = "${aws_db_subnet_group.default.id}"
|
db_subnet_group_name = "${aws_db_subnet_group.default.id}"
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "aws_db_subnet_group" "default" {
|
resource "aws_db_subnet_group" "default" {
|
||||||
name = "main_subnet_group"
|
name = "main_subnet_group"
|
||||||
description = "Our main group of subnets"
|
description = "Our main group of subnets"
|
||||||
subnet_ids = ["${aws_subnet.subnet_1.id}", "${aws_subnet.subnet_2.id}"]
|
subnet_ids = ["${aws_subnet.subnet_1.id}", "${aws_subnet.subnet_2.id}"]
|
||||||
}
|
}
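Review bot: `aws_db_instance.default` leaves storage unencrypted and passes the master password straight from `var.password`, which Terraform then records in plaintext in `terraform.tfstate` and shows in plan output. Add `storage_encrypted = true` where the instance class permits it (encryption is not offered on every small class, so confirm `db.t2.micro` in the target region) and a comment above `password`: `# NOTE: the master password is stored in plaintext in the state file; protect the state backend.` The `depends_on = ["aws_security_group.default"]` line is redundant, because `vpc_security_group_ids` already references that group and creates the dependency.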
|
||||||
|
|
|
@ -1,10 +1,11 @@
|
||||||
output "subnet_group" {
|
output "subnet_group" {
|
||||||
value = "${aws_db_subnet_group.default.name}"
|
value = "${aws_db_subnet_group.default.name}"
|
||||||
}
|
}
|
||||||
|
|
||||||
output "db_instance_id" {
|
output "db_instance_id" {
|
||||||
value = "${aws_db_instance.default.id}"
|
value = "${aws_db_instance.default.id}"
|
||||||
}
|
}
|
||||||
|
|
||||||
output "db_instance_address" {
|
output "db_instance_address" {
|
||||||
value = "${aws_db_instance.default.address}"
|
value = "${aws_db_instance.default.address}"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -1,10 +1,9 @@
|
||||||
variable "cidr_blocks" {
|
variable "cidr_blocks" {
|
||||||
default = "0.0.0.0/0"
|
default = "0.0.0.0/0"
|
||||||
description = "CIDR for sg"
|
description = "CIDR for sg"
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "sg_name" {
|
variable "sg_name" {
|
||||||
default = "rds_sg"
|
default = "rds_sg"
|
||||||
description = "Tag Name for sg"
|
description = "Tag Name for sg"
|
||||||
}
|
}
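Review bot: `variable "cidr_blocks"` defaults to `0.0.0.0/0`, and the RDS security group in this module feeds it straight into an ingress rule, so a caller who forgets to override it opens the database group to the whole internet. Drop the `default` line so Terraform forces a choice, or default to a private range such as the VPC's CIDR, and make the intent explicit: `description = "CIDR allowed to reach the database (never 0.0.0.0/0 for RDS)"`. A bare world default is exactly what gets copied from example code into real environments.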
|
||||||
|
|
||||||
|
|
|
@ -1,19 +1,19 @@
|
||||||
resource "aws_security_group" "default" {
|
resource "aws_security_group" "default" {
|
||||||
name = "main_rds_sg"
|
name = "main_rds_sg"
|
||||||
description = "Allow all inbound traffic"
|
description = "Allow all inbound traffic"
|
||||||
vpc_id = "${var.vpc_id}"
|
vpc_id = "${var.vpc_id}"
|
||||||
|
|
||||||
ingress {
|
ingress {
|
||||||
from_port = 0
|
from_port = 0
|
||||||
to_port = 65535
|
to_port = 65535
|
||||||
protocol = "TCP"
|
protocol = "TCP"
|
||||||
cidr_blocks = ["${var.cidr_blocks}"]
|
cidr_blocks = ["${var.cidr_blocks}"]
|
||||||
}
|
}
|
||||||
|
|
||||||
egress {
|
egress {
|
||||||
from_port = 0
|
from_port = 0
|
||||||
to_port = 0
|
to_port = 0
|
||||||
protocol = "-1"
|
protocol = "-1"
|
||||||
cidr_blocks = ["0.0.0.0/0"]
|
cidr_blocks = ["0.0.0.0/0"]
|
||||||
}
|
}
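Review bot: The ingress in `aws_security_group.default` (`main_rds_sg`) allows every TCP port from 0 to 65535 from `var.cidr_blocks`, whose module default is `0.0.0.0/0`; an RDS instance listens on a single engine port, so the rule should be narrowed to it, e.g. `from_port = 5432` and `to_port = 5432` (3306 for MySQL), ideally derived from the `engine` variable so the two cannot drift. The description `Allow all inbound traffic` should be reworded to match once the rule is tightened. The resource's closing brace is outside this hunk.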
|
||||||
|
|
||||||
|
|
|
@ -1,24 +1,23 @@
|
||||||
variable "subnet_1_cidr" {
|
variable "subnet_1_cidr" {
|
||||||
default = "10.0.1.0/24"
|
default = "10.0.1.0/24"
|
||||||
description = "Your AZ"
|
description = "Your AZ"
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "subnet_2_cidr" {
|
variable "subnet_2_cidr" {
|
||||||
default = "10.0.2.0/24"
|
default = "10.0.2.0/24"
|
||||||
description = "Your AZ"
|
description = "Your AZ"
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "az_1" {
|
variable "az_1" {
|
||||||
default = "us-east-1b"
|
default = "us-east-1b"
|
||||||
description = "Your Az1, use AWS CLI to find your account specific"
|
description = "Your Az1, use AWS CLI to find your account specific"
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "az_2" {
|
variable "az_2" {
|
||||||
default = "us-east-1c"
|
default = "us-east-1c"
|
||||||
description = "Your Az2, use AWS CLI to find your account specific"
|
description = "Your Az2, use AWS CLI to find your account specific"
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "vpc_id" {
|
variable "vpc_id" {
|
||||||
description = "Your VPC ID"
|
description = "Your VPC ID"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
resource "aws_subnet" "subnet_1" {
|
resource "aws_subnet" "subnet_1" {
|
||||||
vpc_id = "${var.vpc_id}"
|
vpc_id = "${var.vpc_id}"
|
||||||
cidr_block = "${var.subnet_1_cidr}"
|
cidr_block = "${var.subnet_1_cidr}"
|
||||||
availability_zone = "${var.az_1}"
|
availability_zone = "${var.az_1}"
|
||||||
|
|
||||||
tags {
|
tags {
|
||||||
|
@ -9,8 +9,8 @@ resource "aws_subnet" "subnet_1" {
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "aws_subnet" "subnet_2" {
|
resource "aws_subnet" "subnet_2" {
|
||||||
vpc_id = "${var.vpc_id}"
|
vpc_id = "${var.vpc_id}"
|
||||||
cidr_block = "${var.subnet_2_cidr}"
|
cidr_block = "${var.subnet_2_cidr}"
|
||||||
availability_zone = "${var.az_2}"
|
availability_zone = "${var.az_2}"
|
||||||
|
|
||||||
tags {
|
tags {
|
||||||
|
|
|
@ -1,38 +1,39 @@
|
||||||
variable "identifier" {
|
variable "identifier" {
|
||||||
default = "mydb-rds"
|
default = "mydb-rds"
|
||||||
description = "Identifier for your DB"
|
description = "Identifier for your DB"
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "storage" {
|
variable "storage" {
|
||||||
default = "10"
|
default = "10"
|
||||||
description = "Storage size in GB"
|
description = "Storage size in GB"
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "engine" {
|
variable "engine" {
|
||||||
default = "postgres"
|
default = "postgres"
|
||||||
description = "Engine type, example values mysql, postgres"
|
description = "Engine type, example values mysql, postgres"
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "engine_version" {
|
variable "engine_version" {
|
||||||
description = "Engine version"
|
description = "Engine version"
|
||||||
|
|
||||||
default = {
|
default = {
|
||||||
mysql = "5.6.22"
|
mysql = "5.6.22"
|
||||||
postgres = "9.4.1"
|
postgres = "9.4.1"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "instance_class" {
|
variable "instance_class" {
|
||||||
default = "db.t2.micro"
|
default = "db.t2.micro"
|
||||||
description = "Instance class"
|
description = "Instance class"
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "db_name" {
|
variable "db_name" {
|
||||||
default = "mydb"
|
default = "mydb"
|
||||||
description = "db name"
|
description = "db name"
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "username" {
|
variable "username" {
|
||||||
default = "myuser"
|
default = "myuser"
|
||||||
description = "User name"
|
description = "User name"
|
||||||
}
|
}
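Review bot: The `engine_version` defaults pin `mysql = "5.6.22"` and `postgres = "9.4.1"`, early point releases that are well behind the patch level of both branches; depending on what the region still offers, RDS will either reject the version or create an instance missing later security fixes. Prefer the newest minor of each branch available in the target region and leave a reminder: `# Pin to a currently supported minor; check aws rds describe-db-engine-versions before use.` A `myuser` default for `username` is fine for an example, but the matching `password` variable is not in this hunk and must not carry a default.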
|
||||||
|
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
provider "aws" {
|
provider "aws" {
|
||||||
alias = "prod"
|
alias = "prod"
|
||||||
|
|
||||||
region = "us-east-1"
|
region = "us-east-1"
|
||||||
access_key = "${var.prod_access_key}"
|
access_key = "${var.prod_access_key}"
|
||||||
secret_key = "${var.prod_secret_key}"
|
secret_key = "${var.prod_secret_key}"
|
||||||
}
|
}
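Review bot: `provider "aws"` with `alias = "prod"` takes long-lived static credentials via `var.prod_access_key`/`var.prod_secret_key`; values passed as variables end up in `terraform.tfstate`, in `-var` arguments and `.tfvars` files, and in shell history, which is a poor pattern for the production account in particular. Remove the `access_key` and `secret_key` lines and let the provider read credentials from the environment or a shared-credentials profile (`profile = "prod"`), or at minimum state the expectation: `# Credentials come from AWS_PROFILE / ~/.aws/credentials; never commit keys for this provider.` The `test` provider further down has the same shape.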
|
||||||
|
@ -10,7 +10,8 @@ resource "aws_s3_bucket" "prod" {
|
||||||
provider = "aws.prod"
|
provider = "aws.prod"
|
||||||
|
|
||||||
bucket = "${var.bucket_name}"
|
bucket = "${var.bucket_name}"
|
||||||
acl = "private"
|
acl = "private"
|
||||||
|
|
||||||
policy = <<POLICY
|
policy = <<POLICY
|
||||||
{
|
{
|
||||||
"Version": "2012-10-17",
|
"Version": "2012-10-17",
|
||||||
|
@ -33,14 +34,14 @@ resource "aws_s3_bucket_object" "prod" {
|
||||||
provider = "aws.prod"
|
provider = "aws.prod"
|
||||||
|
|
||||||
bucket = "${aws_s3_bucket.prod.id}"
|
bucket = "${aws_s3_bucket.prod.id}"
|
||||||
key = "object-uploaded-via-prod-creds"
|
key = "object-uploaded-via-prod-creds"
|
||||||
source = "${path.module}/prod.txt"
|
source = "${path.module}/prod.txt"
|
||||||
}
|
}
|
||||||
|
|
||||||
provider "aws" {
|
provider "aws" {
|
||||||
alias = "test"
|
alias = "test"
|
||||||
|
|
||||||
region = "us-east-1"
|
region = "us-east-1"
|
||||||
access_key = "${var.test_access_key}"
|
access_key = "${var.test_access_key}"
|
||||||
secret_key = "${var.test_secret_key}"
|
secret_key = "${var.test_secret_key}"
|
||||||
}
|
}
|
||||||
|
@ -49,6 +50,6 @@ resource "aws_s3_bucket_object" "test" {
|
||||||
provider = "aws.test"
|
provider = "aws.test"
|
||||||
|
|
||||||
bucket = "${aws_s3_bucket.prod.id}"
|
bucket = "${aws_s3_bucket.prod.id}"
|
||||||
key = "object-uploaded-via-test-creds"
|
key = "object-uploaded-via-test-creds"
|
||||||
source = "${path.module}/test.txt"
|
source = "${path.module}/test.txt"
|
||||||
}
|
}
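Review bot: `aws_s3_bucket_object.test` writes into the prod account's bucket with the test account's credentials, so the resulting object is owned by the test account; without an `acl = "bucket-owner-full-control"` on that object, the prod account generally cannot read or delete it, which is the classic cross-account S3 trap this example is meant to demonstrate. Add `acl = "bucket-owner-full-control"` to that resource and, in the `prod` bucket policy (outside this hunk), require that canned ACL with an `s3:x-amz-acl` condition so the test principal cannot upload without it. The `test` provider defined just above also repeats the static-credential pattern of the `prod` provider.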
|
||||||
|
|
|
@ -1,8 +1,11 @@
|
||||||
variable "prod_access_key" {}
|
variable "prod_access_key" {}
|
||||||
|
|
||||||
variable "prod_secret_key" {}
|
variable "prod_secret_key" {}
|
||||||
|
|
||||||
variable "test_account_id" {}
|
variable "test_account_id" {}
|
||||||
|
|
||||||
variable "test_access_key" {}
|
variable "test_access_key" {}
|
||||||
|
|
||||||
variable "test_secret_key" {}
|
variable "test_secret_key" {}
|
||||||
|
|
||||||
variable "bucket_name" {}
|
variable "bucket_name" {}
|
||||||
|
|
|
@ -82,7 +82,6 @@ resource "aws_security_group" "default" {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
resource "aws_elb" "web" {
|
resource "aws_elb" "web" {
|
||||||
name = "terraform-example-elb"
|
name = "terraform-example-elb"
|
||||||
|
|
||||||
|
@ -96,7 +95,6 @@ resource "aws_elb" "web" {
|
||||||
lb_port = 80
|
lb_port = 80
|
||||||
lb_protocol = "http"
|
lb_protocol = "http"
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "aws_key_pair" "auth" {
|
resource "aws_key_pair" "auth" {
|
||||||
|
@ -138,7 +136,7 @@ resource "aws_instance" "web" {
|
||||||
inline = [
|
inline = [
|
||||||
"sudo apt-get -y update",
|
"sudo apt-get -y update",
|
||||||
"sudo apt-get -y install nginx",
|
"sudo apt-get -y install nginx",
|
||||||
"sudo service nginx start"
|
"sudo service nginx start",
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -14,7 +14,7 @@ variable "key_name" {
|
||||||
|
|
||||||
variable "aws_region" {
|
variable "aws_region" {
|
||||||
description = "AWS region to launch servers."
|
description = "AWS region to launch servers."
|
||||||
default = "us-west-2"
|
default = "us-west-2"
|
||||||
}
|
}
|
||||||
|
|
||||||
# Ubuntu Precise 12.04 LTS (x64)
|
# Ubuntu Precise 12.04 LTS (x64)
|
||||||
|
|
|
@ -3,94 +3,94 @@
|
||||||
provider "clc" {
|
provider "clc" {
|
||||||
username = "${var.clc_username}"
|
username = "${var.clc_username}"
|
||||||
password = "${var.clc_password}"
|
password = "${var.clc_password}"
|
||||||
account = "${var.clc_account}"
|
account = "${var.clc_account}"
|
||||||
}
|
}
|
||||||
|
|
||||||
# --------------------
|
# --------------------
|
||||||
# Provision/Resolve a server group
|
# Provision/Resolve a server group
|
||||||
resource "clc_group" "frontends" {
|
resource "clc_group" "frontends" {
|
||||||
location_id = "CA1"
|
location_id = "CA1"
|
||||||
name = "frontends"
|
name = "frontends"
|
||||||
parent = "Default Group"
|
parent = "Default Group"
|
||||||
}
|
}
|
||||||
|
|
||||||
# --------------------
|
# --------------------
|
||||||
# Provision a server
|
# Provision a server
|
||||||
resource "clc_server" "node" {
|
resource "clc_server" "node" {
|
||||||
name_template = "trusty"
|
name_template = "trusty"
|
||||||
source_server_id = "UBUNTU-14-64-TEMPLATE"
|
source_server_id = "UBUNTU-14-64-TEMPLATE"
|
||||||
group_id = "${clc_group.frontends.id}"
|
group_id = "${clc_group.frontends.id}"
|
||||||
cpu = 2
|
cpu = 2
|
||||||
memory_mb = 2048
|
memory_mb = 2048
|
||||||
password = "Green123$"
|
password = "Green123$"
|
||||||
additional_disks
|
|
||||||
{
|
additional_disks {
|
||||||
path = "/var"
|
path = "/var"
|
||||||
size_gb = 100
|
size_gb = 100
|
||||||
type = "partitioned"
|
type = "partitioned"
|
||||||
}
|
}
|
||||||
additional_disks
|
|
||||||
{
|
additional_disks {
|
||||||
size_gb = 10
|
size_gb = 10
|
||||||
type = "raw"
|
type = "raw"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
# --------------------
|
# --------------------
|
||||||
# Provision a public ip
|
# Provision a public ip
|
||||||
resource "clc_public_ip" "backdoor" {
|
resource "clc_public_ip" "backdoor" {
|
||||||
server_id = "${clc_server.node.0.id}"
|
server_id = "${clc_server.node.0.id}"
|
||||||
internal_ip_address = "${clc_server.node.0.private_ip_address}"
|
internal_ip_address = "${clc_server.node.0.private_ip_address}"
|
||||||
ports
|
|
||||||
{
|
|
||||||
protocol = "ICMP"
|
|
||||||
port = -1
|
|
||||||
}
|
|
||||||
ports
|
|
||||||
{
|
|
||||||
protocol = "TCP"
|
|
||||||
port = 22
|
|
||||||
}
|
|
||||||
source_restrictions
|
|
||||||
{ cidr = "173.60.0.0/16" }
|
|
||||||
|
|
||||||
|
ports {
|
||||||
|
protocol = "ICMP"
|
||||||
|
port = -1
|
||||||
|
}
|
||||||
|
|
||||||
|
ports {
|
||||||
|
protocol = "TCP"
|
||||||
|
port = 22
|
||||||
|
}
|
||||||
|
|
||||||
|
source_restrictions {
|
||||||
|
cidr = "173.60.0.0/16"
|
||||||
|
}
|
||||||
|
|
||||||
# ssh in and start a simple http server on :8080
|
# ssh in and start a simple http server on :8080
|
||||||
provisioner "remote-exec" {
|
provisioner "remote-exec" {
|
||||||
inline = [
|
inline = [
|
||||||
"cd /tmp; python -mSimpleHTTPServer > /dev/null 2>&1 &"
|
"cd /tmp; python -mSimpleHTTPServer > /dev/null 2>&1 &",
|
||||||
]
|
]
|
||||||
|
|
||||||
connection {
|
connection {
|
||||||
host = "${clc_public_ip.backdoor.id}"
|
host = "${clc_public_ip.backdoor.id}"
|
||||||
user = "root"
|
user = "root"
|
||||||
password = "${clc_server.node.password}"
|
password = "${clc_server.node.password}"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
# --------------------
|
# --------------------
|
||||||
# Provision a load balancer
|
# Provision a load balancer
|
||||||
resource "clc_load_balancer" "frontdoor" {
|
resource "clc_load_balancer" "frontdoor" {
|
||||||
data_center = "${clc_group.frontends.location_id}"
|
data_center = "${clc_group.frontends.location_id}"
|
||||||
name = "frontdoor"
|
name = "frontdoor"
|
||||||
description = "frontdoor"
|
description = "frontdoor"
|
||||||
status = "enabled"
|
status = "enabled"
|
||||||
}
|
}
|
||||||
|
|
||||||
# --------------------
|
# --------------------
|
||||||
# Provision a load balancer pool
|
# Provision a load balancer pool
|
||||||
resource "clc_load_balancer_pool" "pool" {
|
resource "clc_load_balancer_pool" "pool" {
|
||||||
data_center = "${clc_group.frontends.location_id}"
|
data_center = "${clc_group.frontends.location_id}"
|
||||||
load_balancer = "${clc_load_balancer.frontdoor.id}"
|
load_balancer = "${clc_load_balancer.frontdoor.id}"
|
||||||
method = "roundRobin"
|
method = "roundRobin"
|
||||||
persistence = "standard"
|
persistence = "standard"
|
||||||
port = 80
|
port = 80
|
||||||
nodes
|
|
||||||
{
|
nodes {
|
||||||
status = "enabled"
|
status = "enabled"
|
||||||
ipAddress = "${clc_server.node.private_ip_address}"
|
ipAddress = "${clc_server.node.private_ip_address}"
|
||||||
privatePort = 8000
|
privatePort = 8000
|
||||||
}
|
}
|
||||||
}
|
}
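Review bot: `clc_server.node` hard-codes the root password `Green123$`, and the `remote-exec` connection then reuses it (`password = "${clc_server.node.password}"`) to log in as `root` on a host that gets a public IP; this belongs in a variable with no default, `password = "${var.clc_server_password}"`, so it is never committed. Separately, the provisioner starts `python -mSimpleHTTPServer` from `/tmp` and the `pool` block forwards the load balancer's port 80 to `privatePort = 8000`, so a directory listing of `/tmp` is served to the internet; a comment marking this as a placeholder app, and serving from a purpose-made empty directory instead of `/tmp`, would avoid that. The comment `start a simple http server on :8080` is also wrong — SimpleHTTPServer defaults to 8000, which is the port the pool uses.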
|
||||||
|
|
|
@ -24,4 +24,4 @@ output "frontdoor" {
|
||||||
|
|
||||||
output "pool" {
|
output "pool" {
|
||||||
value = "curl -vv ${clc_load_balancer.frontdoor.ip_address}"
|
value = "curl -vv ${clc_load_balancer.frontdoor.ip_address}"
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,6 +1,7 @@
|
||||||
variable "clc_username" {
|
variable "clc_username" {
|
||||||
default = "<username>"
|
default = "<username>"
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "clc_password" {
|
variable "clc_password" {
|
||||||
default = "<password>"
|
default = "<password>"
|
||||||
}
|
}
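Review bot: `clc_username` and `clc_password` default to the placeholder strings `<username>`/`<password>`, so a run that forgets to set them sends literal placeholders to the API instead of prompting, and a user who edits the defaults in place ends up committing real credentials. Remove both `default` lines so Terraform prompts or reads `TF_VAR_clc_username`/`TF_VAR_clc_password` from the environment, and add `description = "CenturyLink Cloud password; supply via TF_VAR_clc_password, never in this file"`.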
|
||||||
|
@ -16,4 +17,4 @@ variable "image" {
|
||||||
|
|
||||||
variable "app_port" {
|
variable "app_port" {
|
||||||
default = 8080
|
default = 8080
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
# Setup the Consul provisioner to use the demo cluster
|
# Setup the Consul provisioner to use the demo cluster
|
||||||
provider "consul" {
|
provider "consul" {
|
||||||
address = "demo.consul.io:80"
|
address = "demo.consul.io:80"
|
||||||
datacenter = "nyc1"
|
datacenter = "nyc1"
|
||||||
}
|
}
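Review bot: `provider "consul"` points at `demo.consul.io:80`, a public, unauthenticated cluster reached over plain HTTP, so every key this example writes or reads under `tf_test/` is world-readable and world-writable. That is fine only as a throwaway demo, and the file should say so: `# demo.consul.io is public and unauthenticated: store nothing sensitive here and do not trust values read back from it`. For a real cluster the provider's `scheme = "https"` and a `token` are the minimum, if the provider version in use supports them.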
|
||||||
|
|
||||||
|
@ -12,8 +12,8 @@ provider "aws" {
|
||||||
# Setup a key in Consul to provide inputs
|
# Setup a key in Consul to provide inputs
|
||||||
resource "consul_keys" "input" {
|
resource "consul_keys" "input" {
|
||||||
key {
|
key {
|
||||||
name = "size"
|
name = "size"
|
||||||
path = "tf_test/size"
|
path = "tf_test/size"
|
||||||
default = "m1.small"
|
default = "m1.small"
|
||||||
}
|
}
|
||||||
}
|
}
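Review bot: `consul_keys.input` reads the EC2 `instance_type` from `tf_test/size` on the public demo cluster, with `default = "m1.small"` applying only when the key is absent; anyone on the internet can write that key and have the next `terraform apply` resize the instance or inject a value the AMI cannot boot on. Infrastructure inputs should come from a KV store the team controls, and until then the trust boundary should be stated: `# NOTE: this value is attacker-controllable on the public demo cluster; only use against a private Consul`. The `aws_instance.test` that consumes this key is in the next hunk.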
|
||||||
|
@ -21,7 +21,7 @@ resource "consul_keys" "input" {
|
||||||
# Setup a new AWS instance using a dynamic ami and
|
# Setup a new AWS instance using a dynamic ami and
|
||||||
# instance type
|
# instance type
|
||||||
resource "aws_instance" "test" {
|
resource "aws_instance" "test" {
|
||||||
ami = "${lookup(var.aws_amis, var.aws_region)}"
|
ami = "${lookup(var.aws_amis, var.aws_region)}"
|
||||||
instance_type = "${consul_keys.input.var.size}"
|
instance_type = "${consul_keys.input.var.size}"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -29,15 +29,16 @@ resource "aws_instance" "test" {
|
||||||
# the DNS name of the instance
|
# the DNS name of the instance
|
||||||
resource "consul_keys" "test" {
|
resource "consul_keys" "test" {
|
||||||
key {
|
key {
|
||||||
name = "id"
|
name = "id"
|
||||||
path = "tf_test/id"
|
path = "tf_test/id"
|
||||||
value = "${aws_instance.test.id}"
|
value = "${aws_instance.test.id}"
|
||||||
delete = true
|
delete = true
|
||||||
}
|
}
|
||||||
|
|
||||||
key {
|
key {
|
||||||
name = "address"
|
name = "address"
|
||||||
path = "tf_test/public_dns"
|
path = "tf_test/public_dns"
|
||||||
value = "${aws_instance.test.public_dns}"
|
value = "${aws_instance.test.public_dns}"
|
||||||
delete = true
|
delete = true
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,14 +1,14 @@
|
||||||
variable "aws_region" {
|
variable "aws_region" {
|
||||||
description = "The AWS region to create resources in."
|
description = "The AWS region to create resources in."
|
||||||
default = "us-east-1"
|
default = "us-east-1"
|
||||||
}
|
}
|
||||||
|
|
||||||
# AMI's from http://cloud-images.ubuntu.com/locator/ec2/
|
# AMI's from http://cloud-images.ubuntu.com/locator/ec2/
|
||||||
variable "aws_amis" {
|
variable "aws_amis" {
|
||||||
default = {
|
default = {
|
||||||
eu-west-1 = "ami-b1cf19c6"
|
eu-west-1 = "ami-b1cf19c6"
|
||||||
us-east-1 = "ami-de7ab6b6"
|
us-east-1 = "ami-de7ab6b6"
|
||||||
us-west-1 = "ami-3f75767a"
|
us-west-1 = "ami-3f75767a"
|
||||||
us-west-2 = "ami-21f78e11"
|
us-west-2 = "ami-21f78e11"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -14,13 +14,13 @@ resource "dnsimple_record" "web" {
|
||||||
value = "${heroku_app.web.heroku_hostname}"
|
value = "${heroku_app.web.heroku_hostname}"
|
||||||
|
|
||||||
type = "CNAME"
|
type = "CNAME"
|
||||||
ttl = 3600
|
ttl = 3600
|
||||||
}
|
}
|
||||||
|
|
||||||
# The Heroku domain, which will be created and added
|
# The Heroku domain, which will be created and added
|
||||||
# to the heroku application after we have assigned the domain
|
# to the heroku application after we have assigned the domain
|
||||||
# in DNSimple
|
# in DNSimple
|
||||||
resource "heroku_domain" "foobar" {
|
resource "heroku_domain" "foobar" {
|
||||||
app = "${heroku_app.web.name}"
|
app = "${heroku_app.web.name}"
|
||||||
hostname = "${dnsimple_record.web.hostname}"
|
hostname = "${dnsimple_record.web.hostname}"
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,43 +1,44 @@
|
||||||
provider "digitalocean" {
|
provider "digitalocean" {
|
||||||
# You need to set this in your .bashrc
|
# You need to set this in your .bashrc
|
||||||
# export DIGITALOCEAN_TOKEN="Your API TOKEN"
|
# export DIGITALOCEAN_TOKEN="Your API TOKEN"
|
||||||
#
|
#
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "digitalocean_droplet" "mywebserver" {
|
resource "digitalocean_droplet" "mywebserver" {
|
||||||
# Obtain your ssh_key id number via your account. See Document https://developers.digitalocean.com/documentation/v2/#list-all-keys
|
# Obtain your ssh_key id number via your account. See Document https://developers.digitalocean.com/documentation/v2/#list-all-keys
|
||||||
ssh_keys=[12345678] # Key example
|
ssh_keys = [12345678] # Key example
|
||||||
image = "${var.ubuntu}"
|
image = "${var.ubuntu}"
|
||||||
region = "${var.do_ams3}"
|
region = "${var.do_ams3}"
|
||||||
size = "512mb"
|
size = "512mb"
|
||||||
private_networking = true
|
private_networking = true
|
||||||
backups = true
|
backups = true
|
||||||
ipv6 = true
|
ipv6 = true
|
||||||
name = "mywebserver-ams3"
|
name = "mywebserver-ams3"
|
||||||
|
|
||||||
provisioner "remote-exec" {
|
provisioner "remote-exec" {
|
||||||
inline = [
|
inline = [
|
||||||
"export PATH=$PATH:/usr/bin",
|
"export PATH=$PATH:/usr/bin",
|
||||||
"sudo apt-get update",
|
"sudo apt-get update",
|
||||||
"sudo apt-get -y install nginx"
|
"sudo apt-get -y install nginx",
|
||||||
]
|
]
|
||||||
connection {
|
|
||||||
type = "ssh"
|
connection {
|
||||||
key_file = "file(${HOME}/.ssh/id_rsa)"
|
type = "ssh"
|
||||||
user = "root"
|
key_file = "file(${HOME}/.ssh/id_rsa)"
|
||||||
timeout = "2m"
|
user = "root"
|
||||||
}
|
timeout = "2m"
|
||||||
}
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "digitalocean_domain" "mywebserver" {
|
resource "digitalocean_domain" "mywebserver" {
|
||||||
name = "www.mywebserver.com"
|
name = "www.mywebserver.com"
|
||||||
ip_address = "${digitalocean_droplet.mywebserver.ipv4_address}"
|
ip_address = "${digitalocean_droplet.mywebserver.ipv4_address}"
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "digitalocean_record" "mywebserver" {
|
resource "digitalocean_record" "mywebserver" {
|
||||||
domain = "${digitalocean_domain.mywebserver.name}"
|
domain = "${digitalocean_domain.mywebserver.name}"
|
||||||
type = "A"
|
type = "A"
|
||||||
name = "mywebserver"
|
name = "mywebserver"
|
||||||
value = "${digitalocean_droplet.mywebserver.ipv4_address}"
|
value = "${digitalocean_droplet.mywebserver.ipv4_address}"
|
||||||
}
|
}
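Review bot: The provisioner `connection` in `digitalocean_droplet.mywebserver` sets `key_file = "file(${HOME}/.ssh/id_rsa)"`, which is a quoted string rather than a `file()` call and interpolates a non-existent `HOME` variable, so the remote-exec step cannot authenticate; this commit only re-indents the block. Pass the key contents with the supported argument, `private_key = "${file("~/.ssh/id_rsa")}"` (`file()` expands `~`), or on older releases that still accept `key_file`, `key_file = "~/.ssh/id_rsa"`. `ssh_keys = [12345678]` must also be the ID of the public half of that same key, otherwise root login to the droplet fails regardless.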
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
output "Public ip" {
|
output "Public ip" {
|
||||||
value = "${digitalocean_droplet.mywebserver.ipv4_address}"
|
value = "${digitalocean_droplet.mywebserver.ipv4_address}"
|
||||||
}
|
}
|
||||||
|
|
||||||
output "Name" {
|
output "Name" {
|
||||||
value = "${digitalocean_droplet.mywebserver.name}"
|
value = "${digitalocean_droplet.mywebserver.name}"
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,71 +1,74 @@
|
||||||
# ####
|
# ####
|
||||||
|
|
||||||
# Current Availiable Datacenter Regions
|
# Current Availiable Datacenter Regions
|
||||||
|
|
||||||
# As of 05-07-2016
|
# As of 05-07-2016
|
||||||
|
|
||||||
#
|
#
|
||||||
|
|
||||||
variable "do_ams2" {
|
variable "do_ams2" {
|
||||||
description = "Digital Ocean Amsterdam Data Center 2"
|
description = "Digital Ocean Amsterdam Data Center 2"
|
||||||
default = "ams2"
|
default = "ams2"
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "do_ams3" {
|
variable "do_ams3" {
|
||||||
description = "Digital Ocean Amsterdam Data Center 3"
|
description = "Digital Ocean Amsterdam Data Center 3"
|
||||||
default = "ams3"
|
default = "ams3"
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "do_fra1" {
|
variable "do_fra1" {
|
||||||
description = "Digital Ocean Frankfurt Data Center 1"
|
description = "Digital Ocean Frankfurt Data Center 1"
|
||||||
default = "fra1"
|
default = "fra1"
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "do_lon1" {
|
variable "do_lon1" {
|
||||||
description = "Digital Ocean London Data Center 1"
|
description = "Digital Ocean London Data Center 1"
|
||||||
default = "lon1"
|
default = "lon1"
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "do_nyc1" {
|
variable "do_nyc1" {
|
||||||
description = "Digital Ocean New York Data Center 1"
|
description = "Digital Ocean New York Data Center 1"
|
||||||
default = "nyc1"
|
default = "nyc1"
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "do_nyc2" {
|
variable "do_nyc2" {
|
||||||
description = "Digital Ocean New York Data Center 2"
|
description = "Digital Ocean New York Data Center 2"
|
||||||
default = "nyc2"
|
default = "nyc2"
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "do_nyc3" {
|
variable "do_nyc3" {
|
||||||
description = "Digital Ocean New York Data Center 3"
|
description = "Digital Ocean New York Data Center 3"
|
||||||
default = "nyc3"
|
default = "nyc3"
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "do_sfo1" {
|
variable "do_sfo1" {
|
||||||
description = "Digital Ocean San Francisco Data Center 1"
|
description = "Digital Ocean San Francisco Data Center 1"
|
||||||
default = "sfo1"
|
default = "sfo1"
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "do_sgp1" {
|
variable "do_sgp1" {
|
||||||
description = "Digital Ocean Singapore Data Center 1"
|
description = "Digital Ocean Singapore Data Center 1"
|
||||||
default = "sgp1"
|
default = "sgp1"
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "do_tor1" {
|
variable "do_tor1" {
|
||||||
description = "Digital Ocean Toronto Datacenter 1"
|
description = "Digital Ocean Toronto Datacenter 1"
|
||||||
default = "tor1"
|
default = "tor1"
|
||||||
}
|
}
|
||||||
|
|
||||||
# Default Os
|
# Default Os
|
||||||
|
|
||||||
variable "ubuntu" {
|
variable "ubuntu" {
|
||||||
description = "Default LTS"
|
description = "Default LTS"
|
||||||
default = "ubuntu-14-04-x64"
|
default = "ubuntu-14-04-x64"
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "centos" {
|
variable "centos" {
|
||||||
description = "Default Centos"
|
description = "Default Centos"
|
||||||
default = "centos-72-x64"
|
default = "centos-72-x64"
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "coreos" {
|
variable "coreos" {
|
||||||
description = "Defaut Coreos"
|
description = "Defaut Coreos"
|
||||||
default = "coreos-899.17.0"
|
default = "coreos-899.17.0"
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,11 +1,11 @@
|
||||||
variable "project" {
|
variable "project" {
|
||||||
description = "Your project name"
|
description = "Your project name"
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "region1" {
|
variable "region1" {
|
||||||
description = "The desired region for the first network & VPN and project"
|
description = "The desired region for the first network & VPN and project"
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "region2" {
|
variable "region2" {
|
||||||
description = "The desired region for the second network & VPN"
|
description = "The desired region for the second network & VPN"
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,172 +1,182 @@
|
||||||
# An example of how to connect two GCE networks with a VPN
|
# An example of how to connect two GCE networks with a VPN
|
||||||
provider "google" {
|
provider "google" {
|
||||||
account_file = "${file("~/gce/account.json")}"
|
account_file = "${file("~/gce/account.json")}"
|
||||||
project = "${var.project}"
|
project = "${var.project}"
|
||||||
region = "${var.region1}"
|
region = "${var.region1}"
|
||||||
}
|
}
|
||||||
|
|
||||||
# Create the two networks we want to join. They must have seperate, internal
|
# Create the two networks we want to join. They must have seperate, internal
|
||||||
# ranges.
|
# ranges.
|
||||||
resource "google_compute_network" "network1" {
|
resource "google_compute_network" "network1" {
|
||||||
name = "network1"
|
name = "network1"
|
||||||
ipv4_range = "10.120.0.0/16"
|
ipv4_range = "10.120.0.0/16"
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "google_compute_network" "network2" {
|
resource "google_compute_network" "network2" {
|
||||||
name = "network2"
|
name = "network2"
|
||||||
ipv4_range = "10.121.0.0/16"
|
ipv4_range = "10.121.0.0/16"
|
||||||
}
|
}
|
||||||
|
|
||||||
# Attach a VPN gateway to each network.
|
# Attach a VPN gateway to each network.
|
||||||
resource "google_compute_vpn_gateway" "target_gateway1" {
|
resource "google_compute_vpn_gateway" "target_gateway1" {
|
||||||
name = "vpn1"
|
name = "vpn1"
|
||||||
network = "${google_compute_network.network1.self_link}"
|
network = "${google_compute_network.network1.self_link}"
|
||||||
region = "${var.region1}"
|
region = "${var.region1}"
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "google_compute_vpn_gateway" "target_gateway2" {
|
resource "google_compute_vpn_gateway" "target_gateway2" {
|
||||||
name = "vpn2"
|
name = "vpn2"
|
||||||
network = "${google_compute_network.network2.self_link}"
|
network = "${google_compute_network.network2.self_link}"
|
||||||
region = "${var.region2}"
|
region = "${var.region2}"
|
||||||
}
|
}
|
||||||
|
|
||||||
# Create an outward facing static IP for each VPN that will be used by the
|
# Create an outward facing static IP for each VPN that will be used by the
|
||||||
# other VPN to connect.
|
# other VPN to connect.
|
||||||
resource "google_compute_address" "vpn_static_ip1" {
|
resource "google_compute_address" "vpn_static_ip1" {
|
||||||
name = "vpn-static-ip1"
|
name = "vpn-static-ip1"
|
||||||
region = "${var.region1}"
|
region = "${var.region1}"
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "google_compute_address" "vpn_static_ip2" {
|
resource "google_compute_address" "vpn_static_ip2" {
|
||||||
name = "vpn-static-ip2"
|
name = "vpn-static-ip2"
|
||||||
region = "${var.region2}"
|
region = "${var.region2}"
|
||||||
}
|
}
|
||||||
|
|
||||||
# Forward IPSec traffic coming into our static IP to our VPN gateway.
|
# Forward IPSec traffic coming into our static IP to our VPN gateway.
|
||||||
resource "google_compute_forwarding_rule" "fr1_esp" {
|
resource "google_compute_forwarding_rule" "fr1_esp" {
|
||||||
name = "fr1-esp"
|
name = "fr1-esp"
|
||||||
region = "${var.region1}"
|
region = "${var.region1}"
|
||||||
ip_protocol = "ESP"
|
ip_protocol = "ESP"
|
||||||
ip_address = "${google_compute_address.vpn_static_ip1.address}"
|
ip_address = "${google_compute_address.vpn_static_ip1.address}"
|
||||||
target = "${google_compute_vpn_gateway.target_gateway1.self_link}"
|
target = "${google_compute_vpn_gateway.target_gateway1.self_link}"
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "google_compute_forwarding_rule" "fr2_esp" {
|
resource "google_compute_forwarding_rule" "fr2_esp" {
|
||||||
name = "fr2-esp"
|
name = "fr2-esp"
|
||||||
region = "${var.region2}"
|
region = "${var.region2}"
|
||||||
ip_protocol = "ESP"
|
ip_protocol = "ESP"
|
||||||
ip_address = "${google_compute_address.vpn_static_ip2.address}"
|
ip_address = "${google_compute_address.vpn_static_ip2.address}"
|
||||||
target = "${google_compute_vpn_gateway.target_gateway2.self_link}"
|
target = "${google_compute_vpn_gateway.target_gateway2.self_link}"
|
||||||
}
|
}
|
||||||
|
|
||||||
# The following two sets of forwarding rules are used as a part of the IPSec
|
# The following two sets of forwarding rules are used as a part of the IPSec
|
||||||
# protocol
|
# protocol
|
||||||
resource "google_compute_forwarding_rule" "fr1_udp500" {
|
resource "google_compute_forwarding_rule" "fr1_udp500" {
|
||||||
name = "fr1-udp500"
|
name = "fr1-udp500"
|
||||||
region = "${var.region1}"
|
region = "${var.region1}"
|
||||||
ip_protocol = "UDP"
|
ip_protocol = "UDP"
|
||||||
port_range = "500"
|
port_range = "500"
|
||||||
ip_address = "${google_compute_address.vpn_static_ip1.address}"
|
ip_address = "${google_compute_address.vpn_static_ip1.address}"
|
||||||
target = "${google_compute_vpn_gateway.target_gateway1.self_link}"
|
target = "${google_compute_vpn_gateway.target_gateway1.self_link}"
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "google_compute_forwarding_rule" "fr2_udp500" {
|
resource "google_compute_forwarding_rule" "fr2_udp500" {
|
||||||
name = "fr2-udp500"
|
name = "fr2-udp500"
|
||||||
region = "${var.region2}"
|
region = "${var.region2}"
|
||||||
ip_protocol = "UDP"
|
ip_protocol = "UDP"
|
||||||
port_range = "500"
|
port_range = "500"
|
||||||
ip_address = "${google_compute_address.vpn_static_ip2.address}"
|
ip_address = "${google_compute_address.vpn_static_ip2.address}"
|
||||||
target = "${google_compute_vpn_gateway.target_gateway2.self_link}"
|
target = "${google_compute_vpn_gateway.target_gateway2.self_link}"
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "google_compute_forwarding_rule" "fr1_udp4500" {
|
resource "google_compute_forwarding_rule" "fr1_udp4500" {
|
||||||
name = "fr1-udp4500"
|
name = "fr1-udp4500"
|
||||||
region = "${var.region1}"
|
region = "${var.region1}"
|
||||||
ip_protocol = "UDP"
|
ip_protocol = "UDP"
|
||||||
port_range = "4500"
|
port_range = "4500"
|
||||||
ip_address = "${google_compute_address.vpn_static_ip1.address}"
|
ip_address = "${google_compute_address.vpn_static_ip1.address}"
|
||||||
target = "${google_compute_vpn_gateway.target_gateway1.self_link}"
|
target = "${google_compute_vpn_gateway.target_gateway1.self_link}"
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "google_compute_forwarding_rule" "fr2_udp4500" {
|
resource "google_compute_forwarding_rule" "fr2_udp4500" {
|
||||||
name = "fr2-udp4500"
|
name = "fr2-udp4500"
|
||||||
region = "${var.region2}"
|
region = "${var.region2}"
|
||||||
ip_protocol = "UDP"
|
ip_protocol = "UDP"
|
||||||
port_range = "4500"
|
port_range = "4500"
|
||||||
ip_address = "${google_compute_address.vpn_static_ip2.address}"
|
ip_address = "${google_compute_address.vpn_static_ip2.address}"
|
||||||
target = "${google_compute_vpn_gateway.target_gateway2.self_link}"
|
target = "${google_compute_vpn_gateway.target_gateway2.self_link}"
|
||||||
}
|
}
|
||||||
|
|
||||||
# Each tunnel is responsible for encrypting and decrypting traffic exiting
|
# Each tunnel is responsible for encrypting and decrypting traffic exiting
|
||||||
# and leaving its associated gateway
|
# and leaving its associated gateway
|
||||||
resource "google_compute_vpn_tunnel" "tunnel1" {
|
resource "google_compute_vpn_tunnel" "tunnel1" {
|
||||||
name = "tunnel1"
|
name = "tunnel1"
|
||||||
region = "${var.region1}"
|
region = "${var.region1}"
|
||||||
peer_ip = "${google_compute_address.vpn_static_ip2.address}"
|
peer_ip = "${google_compute_address.vpn_static_ip2.address}"
|
||||||
shared_secret = "a secret message"
|
shared_secret = "a secret message"
|
||||||
target_vpn_gateway = "${google_compute_vpn_gateway.target_gateway1.self_link}"
|
target_vpn_gateway = "${google_compute_vpn_gateway.target_gateway1.self_link}"
|
||||||
depends_on = ["google_compute_forwarding_rule.fr1_udp500",
|
|
||||||
"google_compute_forwarding_rule.fr1_udp4500",
|
depends_on = ["google_compute_forwarding_rule.fr1_udp500",
|
||||||
"google_compute_forwarding_rule.fr1_esp"]
|
"google_compute_forwarding_rule.fr1_udp4500",
|
||||||
|
"google_compute_forwarding_rule.fr1_esp",
|
||||||
|
]
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "google_compute_vpn_tunnel" "tunnel2" {
|
resource "google_compute_vpn_tunnel" "tunnel2" {
|
||||||
name = "tunnel2"
|
name = "tunnel2"
|
||||||
region = "${var.region2}"
|
region = "${var.region2}"
|
||||||
peer_ip = "${google_compute_address.vpn_static_ip1.address}"
|
peer_ip = "${google_compute_address.vpn_static_ip1.address}"
|
||||||
shared_secret = "a secret message"
|
shared_secret = "a secret message"
|
||||||
target_vpn_gateway = "${google_compute_vpn_gateway.target_gateway2.self_link}"
|
target_vpn_gateway = "${google_compute_vpn_gateway.target_gateway2.self_link}"
|
||||||
depends_on = ["google_compute_forwarding_rule.fr2_udp500",
|
|
||||||
"google_compute_forwarding_rule.fr2_udp4500",
|
depends_on = ["google_compute_forwarding_rule.fr2_udp500",
|
||||||
"google_compute_forwarding_rule.fr2_esp"]
|
"google_compute_forwarding_rule.fr2_udp4500",
|
||||||
|
"google_compute_forwarding_rule.fr2_esp",
|
||||||
|
]
|
||||||
}
|
}
|
||||||
|
|
||||||
# Each route tells the associated network to send all traffic in the dest_range
|
# Each route tells the associated network to send all traffic in the dest_range
|
||||||
# through the VPN tunnel
|
# through the VPN tunnel
|
||||||
resource "google_compute_route" "route1" {
|
resource "google_compute_route" "route1" {
|
||||||
name = "route1"
|
name = "route1"
|
||||||
network = "${google_compute_network.network1.name}"
|
network = "${google_compute_network.network1.name}"
|
||||||
next_hop_vpn_tunnel = "${google_compute_vpn_tunnel.tunnel1.self_link}"
|
next_hop_vpn_tunnel = "${google_compute_vpn_tunnel.tunnel1.self_link}"
|
||||||
dest_range = "${google_compute_network.network2.ipv4_range}"
|
dest_range = "${google_compute_network.network2.ipv4_range}"
|
||||||
priority = 1000
|
priority = 1000
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "google_compute_route" "route2" {
|
resource "google_compute_route" "route2" {
|
||||||
name = "route2"
|
name = "route2"
|
||||||
network = "${google_compute_network.network2.name}"
|
network = "${google_compute_network.network2.name}"
|
||||||
next_hop_vpn_tunnel = "${google_compute_vpn_tunnel.tunnel2.self_link}"
|
next_hop_vpn_tunnel = "${google_compute_vpn_tunnel.tunnel2.self_link}"
|
||||||
dest_range = "${google_compute_network.network1.ipv4_range}"
|
dest_range = "${google_compute_network.network1.ipv4_range}"
|
||||||
priority = 1000
|
priority = 1000
|
||||||
}
|
}
|
||||||
|
|
||||||
# We want to allow the two networks to communicate, so we need to unblock
|
# We want to allow the two networks to communicate, so we need to unblock
|
||||||
# them in the firewall
|
# them in the firewall
|
||||||
resource "google_compute_firewall" "network1-allow-network1" {
|
resource "google_compute_firewall" "network1-allow-network1" {
|
||||||
name = "network1-allow-network1"
|
name = "network1-allow-network1"
|
||||||
network = "${google_compute_network.network1.name}"
|
network = "${google_compute_network.network1.name}"
|
||||||
source_ranges = ["${google_compute_network.network1.ipv4_range}"]
|
source_ranges = ["${google_compute_network.network1.ipv4_range}"]
|
||||||
allow {
|
|
||||||
protocol = "tcp"
|
allow {
|
||||||
}
|
protocol = "tcp"
|
||||||
allow {
|
}
|
||||||
protocol = "udp"
|
|
||||||
}
|
allow {
|
||||||
allow {
|
protocol = "udp"
|
||||||
protocol = "icmp"
|
}
|
||||||
}
|
|
||||||
|
allow {
|
||||||
|
protocol = "icmp"
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "google_compute_firewall" "network1-allow-network2" {
|
resource "google_compute_firewall" "network1-allow-network2" {
|
||||||
name = "network1-allow-network2"
|
name = "network1-allow-network2"
|
||||||
network = "${google_compute_network.network1.name}"
|
network = "${google_compute_network.network1.name}"
|
||||||
source_ranges = ["${google_compute_network.network2.ipv4_range}"]
|
source_ranges = ["${google_compute_network.network2.ipv4_range}"]
|
||||||
allow {
|
|
||||||
protocol = "tcp"
|
allow {
|
||||||
}
|
protocol = "tcp"
|
||||||
allow {
|
}
|
||||||
protocol = "udp"
|
|
||||||
}
|
allow {
|
||||||
allow {
|
protocol = "udp"
|
||||||
protocol = "icmp"
|
}
|
||||||
}
|
|
||||||
|
allow {
|
||||||
|
protocol = "icmp"
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
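Review bot: Both tunnel resources in this hunk still carry the IPsec pre-shared key as a literal, `shared_secret = "a secret message"` on `tunnel1` and again on `tunnel2`, so the key is versioned with the example and is identical for everyone who copies it. This file already takes `project`, `region1` and `region2` as variables with no default, so the secret fits the same pattern: `shared_secret = "${var.vpn_shared_secret}"` (variable name constructed), declared without a default and supplied through a tfvars file or a `TF_VAR_` environment variable that stays out of the repository. Terraform still records the resolved value in state, so the state file needs the same protection as the key itself; a comment on the variable saying so would spare the next reader the surprise.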
@ -1,39 +1,39 @@
|
||||||
# See https://cloud.google.com/compute/docs/load-balancing/network/example
|
# See https://cloud.google.com/compute/docs/load-balancing/network/example
|
||||||
|
|
||||||
provider "google" {
|
provider "google" {
|
||||||
region = "${var.region}"
|
region = "${var.region}"
|
||||||
project = "${var.project_name}"
|
project = "${var.project_name}"
|
||||||
credentials = "${file("${var.credentials_file_path}")}"
|
credentials = "${file("${var.credentials_file_path}")}"
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "google_compute_http_health_check" "default" {
|
resource "google_compute_http_health_check" "default" {
|
||||||
name = "tf-www-basic-check"
|
name = "tf-www-basic-check"
|
||||||
request_path = "/"
|
request_path = "/"
|
||||||
check_interval_sec = 1
|
check_interval_sec = 1
|
||||||
healthy_threshold = 1
|
healthy_threshold = 1
|
||||||
unhealthy_threshold = 10
|
unhealthy_threshold = 10
|
||||||
timeout_sec = 1
|
timeout_sec = 1
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "google_compute_target_pool" "default" {
|
resource "google_compute_target_pool" "default" {
|
||||||
name = "tf-www-target-pool"
|
name = "tf-www-target-pool"
|
||||||
instances = ["${google_compute_instance.www.*.self_link}"]
|
instances = ["${google_compute_instance.www.*.self_link}"]
|
||||||
health_checks = ["${google_compute_http_health_check.default.name}"]
|
health_checks = ["${google_compute_http_health_check.default.name}"]
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "google_compute_forwarding_rule" "default" {
|
resource "google_compute_forwarding_rule" "default" {
|
||||||
name = "tf-www-forwarding-rule"
|
name = "tf-www-forwarding-rule"
|
||||||
target = "${google_compute_target_pool.default.self_link}"
|
target = "${google_compute_target_pool.default.self_link}"
|
||||||
port_range = "80"
|
port_range = "80"
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "google_compute_instance" "www" {
|
resource "google_compute_instance" "www" {
|
||||||
count = 3
|
count = 3
|
||||||
|
|
||||||
name = "tf-www-${count.index}"
|
name = "tf-www-${count.index}"
|
||||||
machine_type = "f1-micro"
|
machine_type = "f1-micro"
|
||||||
zone = "${var.region_zone}"
|
zone = "${var.region_zone}"
|
||||||
tags = ["www-node"]
|
tags = ["www-node"]
|
||||||
|
|
||||||
disk {
|
disk {
|
||||||
image = "ubuntu-os-cloud/ubuntu-1404-trusty-v20160602"
|
image = "ubuntu-os-cloud/ubuntu-1404-trusty-v20160602"
|
||||||
|
@ -41,6 +41,7 @@ resource "google_compute_instance" "www" {
|
||||||
|
|
||||||
network_interface {
|
network_interface {
|
||||||
network = "default"
|
network = "default"
|
||||||
|
|
||||||
access_config {
|
access_config {
|
||||||
# Ephemeral
|
# Ephemeral
|
||||||
}
|
}
|
||||||
|
@ -51,26 +52,28 @@ resource "google_compute_instance" "www" {
|
||||||
}
|
}
|
||||||
|
|
||||||
provisioner "file" {
|
provisioner "file" {
|
||||||
source = "${var.install_script_src_path}"
|
source = "${var.install_script_src_path}"
|
||||||
destination = "${var.install_script_dest_path}"
|
destination = "${var.install_script_dest_path}"
|
||||||
|
|
||||||
connection {
|
connection {
|
||||||
type = "ssh"
|
type = "ssh"
|
||||||
user = "root"
|
user = "root"
|
||||||
private_key = "${file("${var.private_key_path}")}"
|
private_key = "${file("${var.private_key_path}")}"
|
||||||
agent = false
|
agent = false
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
provisioner "remote-exec" {
|
provisioner "remote-exec" {
|
||||||
connection {
|
connection {
|
||||||
type = "ssh"
|
type = "ssh"
|
||||||
user = "root"
|
user = "root"
|
||||||
private_key = "${file("${var.private_key_path}")}"
|
private_key = "${file("${var.private_key_path}")}"
|
||||||
agent = false
|
agent = false
|
||||||
}
|
}
|
||||||
|
|
||||||
inline = [
|
inline = [
|
||||||
"chmod +x ${var.install_script_dest_path}",
|
"chmod +x ${var.install_script_dest_path}",
|
||||||
"sudo ${var.install_script_dest_path} ${count.index}"
|
"sudo ${var.install_script_dest_path} ${count.index}",
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -80,14 +83,14 @@ resource "google_compute_instance" "www" {
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "google_compute_firewall" "default" {
|
resource "google_compute_firewall" "default" {
|
||||||
name = "tf-www-firewall"
|
name = "tf-www-firewall"
|
||||||
network = "default"
|
network = "default"
|
||||||
|
|
||||||
allow {
|
allow {
|
||||||
protocol = "tcp"
|
protocol = "tcp"
|
||||||
ports = ["80"]
|
ports = ["80"]
|
||||||
}
|
}
|
||||||
|
|
||||||
source_ranges = ["0.0.0.0/0"]
|
source_ranges = ["0.0.0.0/0"]
|
||||||
target_tags = ["www-node"]
|
target_tags = ["www-node"]
|
||||||
}
|
}
|
||||||
|
|
|
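Review bot: In the `remote-exec` provisioner of this section the install path is interpolated into shell lines unquoted, `"chmod +x ${var.install_script_dest_path}"` and `"sudo ${var.install_script_dest_path} ${count.index}"`, so a value containing whitespace or shell metacharacters changes the command rather than the argument. Quoting the expansions, `"chmod +x '${var.install_script_dest_path}'"` and `"sudo '${var.install_script_dest_path}' ${count.index}"`, keeps the path a single argument. Since the `connection` block already authenticates as `user = "root"`, the `sudo` prefix is redundant as written; if root login is not the intent, a less privileged SSH user that escalates with `sudo` only for the script would be the least-privilege shape. The `google_compute_instance` resource that holds this provisioner begins and ends outside the hunk.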
@ -12,25 +12,25 @@ variable "project_name" {
|
||||||
|
|
||||||
variable "credentials_file_path" {
|
variable "credentials_file_path" {
|
||||||
description = "Path to the JSON file used to describe your account credentials"
|
description = "Path to the JSON file used to describe your account credentials"
|
||||||
default = "~/.gcloud/Terraform.json"
|
default = "~/.gcloud/Terraform.json"
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "public_key_path" {
|
variable "public_key_path" {
|
||||||
description = "Path to file containing public key"
|
description = "Path to file containing public key"
|
||||||
default = "~/.ssh/gcloud_id_rsa.pub"
|
default = "~/.ssh/gcloud_id_rsa.pub"
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "private_key_path" {
|
variable "private_key_path" {
|
||||||
description = "Path to file containing private key"
|
description = "Path to file containing private key"
|
||||||
default = "~/.ssh/gcloud_id_rsa"
|
default = "~/.ssh/gcloud_id_rsa"
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "install_script_src_path" {
|
variable "install_script_src_path" {
|
||||||
description = "Path to install script within this repository"
|
description = "Path to install script within this repository"
|
||||||
default = "scripts/install.sh"
|
default = "scripts/install.sh"
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "install_script_dest_path" {
|
variable "install_script_dest_path" {
|
||||||
description = "Path to put the install script on each destination resource"
|
description = "Path to put the install script on each destination resource"
|
||||||
default = "/tmp/install.sh"
|
default = "/tmp/install.sh"
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,24 +1,24 @@
|
||||||
resource "openstack_compute_keypair_v2" "terraform" {
|
resource "openstack_compute_keypair_v2" "terraform" {
|
||||||
name = "terraform"
|
name = "terraform"
|
||||||
public_key = "${file("${var.ssh_key_file}.pub")}"
|
public_key = "${file("${var.ssh_key_file}.pub")}"
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "openstack_networking_network_v2" "terraform" {
|
resource "openstack_networking_network_v2" "terraform" {
|
||||||
name = "terraform"
|
name = "terraform"
|
||||||
admin_state_up = "true"
|
admin_state_up = "true"
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "openstack_networking_subnet_v2" "terraform" {
|
resource "openstack_networking_subnet_v2" "terraform" {
|
||||||
name = "terraform"
|
name = "terraform"
|
||||||
network_id = "${openstack_networking_network_v2.terraform.id}"
|
network_id = "${openstack_networking_network_v2.terraform.id}"
|
||||||
cidr = "10.0.0.0/24"
|
cidr = "10.0.0.0/24"
|
||||||
ip_version = 4
|
ip_version = 4
|
||||||
dns_nameservers = ["8.8.8.8","8.8.4.4"]
|
dns_nameservers = ["8.8.8.8", "8.8.4.4"]
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "openstack_networking_router_v2" "terraform" {
|
resource "openstack_networking_router_v2" "terraform" {
|
||||||
name = "terraform"
|
name = "terraform"
|
||||||
admin_state_up = "true"
|
admin_state_up = "true"
|
||||||
external_gateway = "${var.external_gateway}"
|
external_gateway = "${var.external_gateway}"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -28,52 +28,58 @@ resource "openstack_networking_router_interface_v2" "terraform" {
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "openstack_compute_secgroup_v2" "terraform" {
|
resource "openstack_compute_secgroup_v2" "terraform" {
|
||||||
name = "terraform"
|
name = "terraform"
|
||||||
description = "Security group for the Terraform example instances"
|
description = "Security group for the Terraform example instances"
|
||||||
|
|
||||||
rule {
|
rule {
|
||||||
from_port = 22
|
from_port = 22
|
||||||
to_port = 22
|
to_port = 22
|
||||||
ip_protocol = "tcp"
|
ip_protocol = "tcp"
|
||||||
cidr = "0.0.0.0/0"
|
cidr = "0.0.0.0/0"
|
||||||
}
|
}
|
||||||
|
|
||||||
rule {
|
rule {
|
||||||
from_port = 80
|
from_port = 80
|
||||||
to_port = 80
|
to_port = 80
|
||||||
ip_protocol = "tcp"
|
ip_protocol = "tcp"
|
||||||
cidr = "0.0.0.0/0"
|
cidr = "0.0.0.0/0"
|
||||||
}
|
}
|
||||||
|
|
||||||
rule {
|
rule {
|
||||||
from_port = -1
|
from_port = -1
|
||||||
to_port = -1
|
to_port = -1
|
||||||
ip_protocol = "icmp"
|
ip_protocol = "icmp"
|
||||||
cidr = "0.0.0.0/0"
|
cidr = "0.0.0.0/0"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "openstack_compute_floatingip_v2" "terraform" {
|
resource "openstack_compute_floatingip_v2" "terraform" {
|
||||||
pool = "${var.pool}"
|
pool = "${var.pool}"
|
||||||
depends_on = ["openstack_networking_router_interface_v2.terraform"]
|
depends_on = ["openstack_networking_router_interface_v2.terraform"]
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "openstack_compute_instance_v2" "terraform" {
|
resource "openstack_compute_instance_v2" "terraform" {
|
||||||
name = "terraform"
|
name = "terraform"
|
||||||
image_name = "${var.image}"
|
image_name = "${var.image}"
|
||||||
flavor_name = "${var.flavor}"
|
flavor_name = "${var.flavor}"
|
||||||
key_pair = "${openstack_compute_keypair_v2.terraform.name}"
|
key_pair = "${openstack_compute_keypair_v2.terraform.name}"
|
||||||
security_groups = [ "${openstack_compute_secgroup_v2.terraform.name}" ]
|
security_groups = ["${openstack_compute_secgroup_v2.terraform.name}"]
|
||||||
floating_ip = "${openstack_compute_floatingip_v2.terraform.address}"
|
floating_ip = "${openstack_compute_floatingip_v2.terraform.address}"
|
||||||
|
|
||||||
network {
|
network {
|
||||||
uuid = "${openstack_networking_network_v2.terraform.id}"
|
uuid = "${openstack_networking_network_v2.terraform.id}"
|
||||||
}
|
}
|
||||||
|
|
||||||
provisioner "remote-exec" {
|
provisioner "remote-exec" {
|
||||||
connection {
|
connection {
|
||||||
user = "${var.ssh_user_name}"
|
user = "${var.ssh_user_name}"
|
||||||
key_file = "${var.ssh_key_file}"
|
key_file = "${var.ssh_key_file}"
|
||||||
}
|
}
|
||||||
|
|
||||||
inline = [
|
inline = [
|
||||||
"sudo apt-get -y update",
|
"sudo apt-get -y update",
|
||||||
"sudo apt-get -y install nginx",
|
"sudo apt-get -y install nginx",
|
||||||
"sudo service nginx start"
|
"sudo service nginx start",
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
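Review bot: The first `rule` block of `openstack_compute_secgroup_v2.terraform` in this section opens SSH to every source, `from_port = 22` / `to_port = 22` with `cidr = "0.0.0.0/0"`, and the instance in the same section attaches a floating IP from `var.pool`, whose default is `"public"`, so the management port is reachable from the whole internet as soon as the example is applied. Unlike the port 80 rule, SSH only needs to be reachable from the operator, so a narrower source such as `cidr = "${var.ssh_source_cidr}"` (variable name constructed, declared without a default alongside the other variables) would keep the example's least-privilege shape without touching the web-facing rule. A one-line comment on that rule, `# Restrict SSH to the operator's address range; 0.0.0.0/0 exposes the management port to the internet`, would make the intent explicit for anyone copying the example.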
@ -1,3 +1,3 @@
|
||||||
output "address" {
|
output "address" {
|
||||||
value = "${openstack_compute_floatingip_v2.terraform.address}"
|
value = "${openstack_compute_floatingip_v2.terraform.address}"
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,22 +1,21 @@
|
||||||
variable "image" {
|
variable "image" {
|
||||||
default = "Ubuntu 14.04"
|
default = "Ubuntu 14.04"
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "flavor" {
|
variable "flavor" {
|
||||||
default = "m1.small"
|
default = "m1.small"
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "ssh_key_file" {
|
variable "ssh_key_file" {
|
||||||
default = "~/.ssh/id_rsa.terraform"
|
default = "~/.ssh/id_rsa.terraform"
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "ssh_user_name" {
|
variable "ssh_user_name" {
|
||||||
default = "ubuntu"
|
default = "ubuntu"
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "external_gateway" {
|
variable "external_gateway" {}
|
||||||
}
|
|
||||||
|
|
||||||
variable "pool" {
|
variable "pool" {
|
||||||
default = "public"
|
default = "public"
|
||||||
}
|
}
|
||||||
|
|