diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..71e6cdb
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,50 @@
+################################################################################
+# Pulled from github/gitignore 2021-11-10 commit 1a84870
+################################################################################
+
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+# Added to original pulled from github/gitignore
+crash*.log
+
+# Exclude all .tfvars files, which are likely to contain sentitive data, such as
+# password, private keys, and other secrets. These should not be part of version
+# control as they are data points which are potentially sensitive and subject
+# to change depending on the environment.
+#
+*.tfvars
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Include override files you do wish to add to version control using negated pattern
+#
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
+
+################################################################################
+# end Pulled from github/gitignore 2021-11-10 commit 1a84870
+################################################################################
+
+k8s-key*
+*admin-key*
+TARTHERE
+inventory
+
diff --git a/.terraform.lock.hcl b/.terraform.lock.hcl
new file mode 100644
index 0000000..5f76ac4
--- /dev/null
+++ b/.terraform.lock.hcl
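Review bot: The key-material patterns at the end of the hunk (`k8s-key*`, `*admin-key*`) only match those two name shapes, so a private key written under any other name (a `.pem`, an `id_ed25519`, a `.key`) is still stageable; broader patterns such as `*.pem`, `*.key` and `id_*` next to them would close that gap. An ignore rule is advisory only — `git add -f` bypasses it — so if keys are generated into the working tree a pre-commit secret scanner is the real control, not this file. The trailing `TARTHERE` and `inventory` entries have no comment saying which script produces them; a one-line note like `# generated by the helper scripts, never commit` would tell the next reader whether they are safe to delete.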
@@ -0,0 +1,57 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/dmacvicar/libvirt" { + version = "0.6.11" + hashes = [ + "h1:6QzHY/7aNdaaDxJZKygotWnM5uHoS2gs/03CzUCJX60=", + "zh:15300a1c3c294eccade4c8a678412d81602ab041dc0a5aab72fee5425d778e89", + "zh:1605806de0d3b86b7e94b5d04a7ad9b6ac695781f9672ab6002c23caef43b98e", + "zh:21efc5937d89f9ec96bc626d2ce3621c0919b3da97ab63b4e520c37d3f5c7357", + "zh:2c143a6909917fd11191447de4c496f084c7da5200beb9f512791a80a1f33e7c", + "zh:3ca369718cc49feefc3a6ffa795a9055e60de33989a9f1c72b6db16048a181fa", + "zh:71db1d1cf2c06984bba408ad5dc9b4e25285684ee5c530a61583b202cff21b96", + "zh:a67adfc988311d34adcc119500c2ef048a45d632b00bb5a15ea6d3ffdc1c3d1c", + "zh:a83448cbcc194e3b52af9b89b9273a116082d83f2c966035bf8a8c5d5606ca9c", + "zh:a9c5a818dd2606460d4d6f33af7cb387f3e984d631fc233aaec0dda4e0756c2b", + "zh:af3263e66cf9138361d6d7408533edd6de8498e67c88cf0084421ae31fe89054", + "zh:b9596cb26c1e391172472de4ada9b3b0a08e4777e41327db8e021454cc6aae20", + "zh:e28124b9ee0b8c18b6f776eb6523d8935f3072c47cd803ea2f1a06206effaa48", + "zh:edd00638d8c088b8a38e7ab8b9e8ab3bd710f7357d0f6b4a38e0028bd49d8460", + ] +} + +provider "registry.terraform.io/hashicorp/aws" { + version = "3.64.2" + hashes = [ + "h1:oFsgTmmt/eJ8KLo59PSmYu/irUHJiPnQEey0VqaOOck=", + "zh:0b029a2282beabfe410eb2969e18ca773d3473415e442be4dc8ce0eb6d1cd8c5", + "zh:3209de3266a1138f1ccb09f094fdd98b6f55afc06e291db0abe092ec5dbe7640", + "zh:40648266551631cbc15f8a76e80faf300510e3b38c2544d43fc25e37e6802727", + "zh:483c8af92ae70146f2790a70c1a810251e7135aa912b66e769c934eddceebe32", + "zh:4d106d8d415d8df342f3f85e58c35418e6c55e3cb7f02897f832cefac4dca68c", + "zh:972626a6ddb31d5216606d12ab5c30fbf8d51ed2bbe0efcdd7cffa68c1141557", + "zh:a230d55ec52b1695148d40296877ee23e0b302e817154f9b838eb117c87b13fa", + "zh:c95fddfbd7f870db949da0601323e866e0f0fb0d4a93e96725ae5b88029e84d5", + 
"zh:ea0c7f568074f835f22273c8e7e61e87f5277e32004c72122915fd3c8df49ccc", + "zh:f96d25887e6e2d2ae47659e2c586efea2167995b59a479ae65a02b097da86474", + "zh:fe7502d8e52d3b5ccb2b3c178e7ea894344783093aa71ffb20e978914c976182", + ] +} + +provider "registry.terraform.io/hashicorp/template" { + version = "2.2.0" + hashes = [ + "h1:94qn780bi1qjrbC3uQtjJh3Wkfwd5+tTtJHOb7KTg9w=", + "zh:01702196f0a0492ec07917db7aaa595843d8f171dc195f4c988d2ffca2a06386", + "zh:09aae3da826ba3d7df69efeb25d146a1de0d03e951d35019a0f80e4f58c89b53", + "zh:09ba83c0625b6fe0a954da6fbd0c355ac0b7f07f86c91a2a97849140fea49603", + "zh:0e3a6c8e16f17f19010accd0844187d524580d9fdb0731f675ffcf4afba03d16", + "zh:45f2c594b6f2f34ea663704cc72048b212fe7d16fb4cfd959365fa997228a776", + "zh:77ea3e5a0446784d77114b5e851c970a3dde1e08fa6de38210b8385d7605d451", + "zh:8a154388f3708e3df5a69122a23bdfaf760a523788a5081976b3d5616f7d30ae", + "zh:992843002f2db5a11e626b3fc23dc0c87ad3729b3b3cff08e32ffb3df97edbde", + "zh:ad906f4cebd3ec5e43d5cd6dc8f4c5c9cc3b33d2243c89c5fc18f97f7277b51d", + "zh:c979425ddb256511137ecd093e23283234da0154b7fa8b21c2687182d9aea8b2", + ] +} diff --git a/get-vm-ips.sh b/get-vm-ips.sh index b8ab1df..7fc5178 100755 --- a/get-vm-ips.sh +++ b/get-vm-ips.sh @@ -22,6 +22,10 @@ VM_NAME_PREFIX="$( tail -n 1 | \ sed 's/^.*=\s*"\(.*\)"/\1/g')" +PUBLIC_IP_OUTPUT="groups_hostnames_ips" +PRIVATE_IP_OUTPUT="groups_hostnames_private_ips" +IP_TYPE="$PRIVATE_IP_OUTPUT" + # This command stores the output data in the format below. # [ # { @@ -48,7 +52,7 @@ VM_NAME_PREFIX="$( # } # ] DATA="$(terraform show -json | \ - jq '.values.outputs.groups_hostnames_ips.value | to_entries | + jq '.values.outputs.'"$IP_TYPE"'.value | to_entries | map({group: .key, vms:.value | to_entries | map({hostname:.key,ip:.value})})')" diff --git a/main.tf b/main.tf index 49093b7..40d415f 100644 --- a/main.tf +++ b/main.tf 
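Review bot: The new jq filter splices `$IP_TYPE` into the program text (`'.values.outputs.'"$IP_TYPE"'.value'`), which is harmless while `IP_TYPE` is one of the two constants defined in the first hunk but becomes a jq-injection point the moment it is taken from an argument or the environment; pass it as data instead: `jq --arg t "$IP_TYPE" '.values.outputs[$t].value | to_entries | ...'`. As written `IP_TYPE="$PRIVATE_IP_OUTPUT"` is hard-wired, so `PUBLIC_IP_OUTPUT` is dead and the script silently switched from reporting public to private IPs; a comment above `IP_TYPE=` saying how to select the public output (or a flag) would avoid surprising callers. The `DATA` assignment and the rest of the script continue outside the hunk.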
@@ -2,11 +2,11 @@ locals { nodes-config = { "master" = { - base-image = var.centos8-ami + base-image = var.ubuntu-ami num = 1 }, "worker" = { - base-image = var.centos8-ami + base-image = var.ubuntu-ami num = 2 } } @@ -59,7 +59,9 @@ module "cloud-init-config" { # } module "aws-network-existing" { - source = "./modules/aws-network-existing" + source = "./modules/aws-network-existing" + default-vpc-name = var.aws-existing-vpc-name + default-security-group-name = var.aws-existing-sg-name } ################################################################################ @@ -79,8 +81,13 @@ module "nodes" { source = "./modules/aws-nodes" ami = each.value.base-image ec2-instance-type = var.aws-ec2-instance-type +<<<<<<< HEAD subnet-id = module.aws-network.subnet.id security-group-ids = [module.aws-network.default-security-group.id] +======= + subnet-id = module.aws-network-existing.k8s-subnets-ids[0] + security-group-ids = [module.aws-network-existing.default-sg.id] +>>>>>>> gitea user-datas = lookup(module.cloud-init-config, each.key, null).user-datas num-nodes = each.value.num name-prefix = "${var.vm-name-prefix}-${each.key}" @@ -127,8 +134,21 @@ module "nodes" { # end libvirt ################################################################################ +<<<<<<< HEAD # This will output a map of group => [{hostname, ip}]. +======= +# This will outpus a map of group => [{hostname, ip}]. +>>>>>>> gitea # TODO A 'names' output needs to be added to libvirt. output "groups_hostnames_ips" { value = { for type, node in module.nodes : type => zipmap(node.names, node.ips) } } +<<<<<<< HEAD +======= + +# This will outpus a map of group => [{hostname, private_ip}]. +# TODO Figure out how what to do about private_ips for libvirt. +output "groups_hostnames_private_ips" { + value = { for type, node in module.nodes : type => zipmap(node.names, node.private_ips) } +} +>>>>>>> gitea diff --git a/modules/aws-amis/main.tf b/modules/aws-amis/main.tf index 1949653..8cb82d8 100644 
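Review bot: The hunks at `@@ -79,8 +81,13 @@` and `@@ -127,8 +134,21 @@` commit unresolved merge-conflict markers (`<<<<<<< HEAD`, `=======`, `>>>>>>> gitea`) into main.tf, so `terraform init`/`validate` cannot parse the file until one side is chosen. The `gitea` side is the one consistent with the rest of this commit — it uses `module.aws-network-existing.k8s-subnets-ids[0]` and `module.aws-network-existing.default-sg.id`, which match the outputs added in modules/aws-network-existing/outputs.tf — whereas the HEAD side references `module.aws-network`, whose module block is not visible in this diff, so `gitea` is presumably the intended resolution. While resolving, fix the comment typo `outpus` → `outputs` on the two new output comments. The `module "nodes"` block starts and ends outside the hunk.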
--- a/modules/aws-amis/main.tf +++ b/modules/aws-amis/main.tf @@ -1,31 +1,52 @@ locals { amis = { amzn2 = { - owner-id = "137112412989" + # us-east-2 + # owner-id = "137112412989" + # us-gov-west-1 + owner-id = "045324592363" name = "amzn2-ami-hvm-2*x86_64-gp2" }, ubuntu = { - owner-id = "099720109477" + # us-east-2 + # owner-id = "099720109477" + # us-gov-west-1 + owner-id = "513442679011" name = "ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-*" }, - centos7 = { - owner-id = "125523088429" - name = "CentOS 7.*x86_64" - }, - centos8 = { - owner-id = "125523088429" - name = "CentOS 8.*x86_64" - }, - arch = { - owner-id = "093273469852" - name = "arch-linux-lts-hvm*x86_64-ebs" - }, + # centos7 = { + # # us-east-2 + # # owner-id = "125523088429" + # # us-gov-west-1 + # # owner-id = THERE IS NO CENTOS7 IMAGE in us-gov-west-1!! + # name = "CentOS 7.*x86_64" + # }, + # centos8 = { + # # us-east-2 + # # owner-id = "125523088429" + # # us-gov-west-1 + # # owner-id = THERE IS NO CENTOS8 IMAGE in us-gov-west-1!! + # name = "CentOS 8.*x86_64" + # }, + # arch = { + # # us-east-2 + # # owner-id = "093273469852" + # # us-gov-west-1 + # # owner-id = THERE IS NO ARCH IMAGE in us-gov-west-1!! + # name = "arch-linux-lts-hvm*x86_64-ebs" + # }, rhel7 = { - owner-id = "309956199498" + # us-east-2 + # owner-id = "309956199498" + # us-gov-west-1 + owner-id = "219670896067" name = "RHEL-7.*HVM*x86_64*GP2" }, rhel8 = { - owner-id = "309956199498" + # us-east-2 + # owner-id = "309956199498" + # us-gov-west-1 + owner-id = "219670896067" name = "RHEL-8.*HVM*x86_64*GP2" } } diff --git a/modules/aws-network-existing/main.tf b/modules/aws-network-existing/main.tf index 81d25c3..19fff56 100644 --- a/modules/aws-network-existing/main.tf +++ b/modules/aws-network-existing/main.tf @@ -21,3 +21,7 @@ data "aws_subnet" "subnets" { for_each = toset(data.aws_subnets.subnet-ids.ids) id = each.key } + +data "aws_security_group" "default" { + name = var.default-security-group-name +} 
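Review bot: The owner IDs in `locals.amis` are now hard-coded for us-gov-west-1 with the us-east-2 values left in comments, so switching regions means editing every entry by hand and the commented values drift silently; keying each entry by region, e.g. `owner-id = { "us-east-2" = "099720109477", "us-gov-west-1" = "513442679011" }[var.region]`, keeps both sets live (the module's variables are not in the diff, so the region variable name is a guess). The GovCloud owner IDs (`045324592363`, `513442679011`, `219670896067`) cannot be verified from the diff, and since the owner filter is what stops a look-alike AMI from another account being selected, a comment citing where each ID was taken from would let a reviewer check them. The `locals` block continues past the hunk.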
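Review bot: `data "aws_security_group" "default"` filters by `name` only; security-group names are unique per VPC, not per account, so if any other VPC in the account has a group with the same name the lookup fails with a multiple-match error, and a future group created elsewhere with that name could be matched instead of the intended one. Scope it to the VPC this module already resolves: `vpc_id = data.aws_vpc.default.id` (that data source is referenced from the module's outputs.tf; its definition is above this hunk).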
diff --git a/modules/aws-network-existing/outputs.tf b/modules/aws-network-existing/outputs.tf index f16e968..affe10d 100644 --- a/modules/aws-network-existing/outputs.tf +++ b/modules/aws-network-existing/outputs.tf @@ -2,12 +2,16 @@ output "default-vpc" { value = data.aws_vpc.default } +output "default-sg" { + value = data.aws_security_group.default +} + output "subnets" { description = "An array of all subnets in default-vpc." value = data.aws_subnet.subnets } -output "k8s-subnets" { +output "k8s-subnets-ids" { description = "An array of subnets to be used for k8s VMs. These subnets were chosen by selecting a single subnet from each availability_zone." value = [for k,v in local.az-to-subnets : v[0]] } diff --git a/modules/aws-network-existing/variables.tf b/modules/aws-network-existing/variables.tf index b03ebd1..9add409 100644 --- a/modules/aws-network-existing/variables.tf +++ b/modules/aws-network-existing/variables.tf @@ -1,4 +1,7 @@ +variable "default-security-group-name" { + description = "The name of the existing default security group. This module will query AWS for a security group with this name," +} + variable "default-vpc-name" { description = "The name of the existing default VPC. This module will query AWS for a VPC with this name," - default = "Managed VPC" } diff --git a/modules/aws-network/main.tf b/modules/aws-network/main.tf new file mode 100644 index 0000000..6056fc0 --- /dev/null +++ b/modules/aws-network/main.tf 
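Review bot: `default-security-group-name` is declared without a `type`, so a list or object passed by mistake is only rejected inside the `aws_security_group` data source; add `type = string` to it, and to `default-vpc-name` while touching the block. The new description ends with a stray comma (`...with this name,`), copied from `default-vpc-name`; end both with a period. Dropping the `"Managed VPC"` default is the right call — a non-existent name now fails the data lookup at plan time instead of silently selecting whatever VPC happens to carry that tag — and a short comment saying the omission is deliberate would stop someone re-adding it.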
@@ -0,0 +1,67 @@
+resource "aws_vpc" "vpc" {
+ cidr_block = var.vpc-cidr-block
+ tags = {
+ Name = "${var.name-prefix}-vpc"
+ }
+}
+
+resource "aws_subnet" "subnet" {
+ vpc_id = aws_vpc.vpc.id
+ cidr_block = var.subnet-cidr-block
+ # availability_zone = var.avail_zone
+ tags = {
+ Name = "${var.name-prefix}-subnet"
+ }
+}
+
+resource "aws_default_security_group" "sg" {
+ vpc_id = aws_vpc.vpc.id
+
+ ingress {
+ from_port = 22
+ to_port = 22
+ protocol = "tcp"
+ cidr_blocks = var.admin-ips
+ }
+
+ egress {
+ from_port = 0
+ to_port = 0
+ protocol = "-1"
+ cidr_blocks = ["0.0.0.0/0"]
+ prefix_list_ids = []
+ }
+
+ tags = {
+ Name = "${var.name-prefix}-ssh-from-admins-sg"
+ }
+}
+
+resource "aws_internet_gateway" "igw" {
+ vpc_id = aws_vpc.vpc.id
+ tags = {
+ Name = "${var.name-prefix}-igw"
+ }
+}
+
+resource "aws_default_route_table" "route-table" {
+ default_route_table_id = aws_vpc.vpc.main_route_table_id
+
+ route {
+ cidr_block = "0.0.0.0/0"
+ gateway_id = aws_internet_gateway.igw.id
+ }
+
+ # default route, mapping VPC CIDR block to "local", created implicitly and
+ # cannot be specified.
+
+ tags = {
+ Name = "${var.name-prefix}-route-table"
+ }
+}
+
+# Associate subnet with Route Table
+resource "aws_route_table_association" "a-rtb-subnet" {
+ subnet_id = aws_subnet.subnet.id
+ route_table_id = aws_default_route_table.route-table.id
+}
diff --git a/modules/aws-network/outputs.tf b/modules/aws-network/outputs.tf
new file mode 100644
index 0000000..5d43ec7
--- /dev/null
+++ b/modules/aws-network/outputs.tf
@@ -0,0 +1,11 @@
+output "vpc" {
+ value = aws_vpc.vpc
+}
+
+output "subnet" {
+ value = aws_subnet.subnet
+}
+
+output "default-security-group" {
+ value = aws_default_security_group.sg
+}
diff --git a/modules/aws-network/variables.tf b/modules/aws-network/variables.tf
new file mode 100644
index 0000000..527523e
--- /dev/null
+++ b/modules/aws-network/variables.tf
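Review bot: `aws_default_security_group.sg` declares explicit rules, which replaces the VPC default group's implicit self-referencing rule with the single 22/tcp ingress from `var.admin-ips`, so instances attached to this group cannot reach each other at all — for the k8s nodes this network is built for (API server, kubelet, CNI overlay) that means no intra-cluster traffic unless a rule is added somewhere not shown. If node-to-node traffic is intended, add a `self = true` ingress rule next to the SSH one, as below. The egress rule is wide-open `0.0.0.0/0`; that is common while bootstrapping but deserves a comment saying it is deliberate. Note also that `var.admin-ips` flows straight into `cidr_blocks` with no validation, and the subnet sits on a route table whose default route points at the IGW, so whatever the root module defaults that variable to is Internet-reachable.
```hcl
resource "aws_default_security_group" "sg" {
  # … unchanged: vpc_id and the 22/tcp ingress from var.admin-ips …

  # Allow all traffic between members of this group. Declaring rules here
  # removes the implicit self rule the VPC default group normally carries.
  ingress {
    from_port = 0
    to_port   = 0
    protocol  = "-1"
    self      = true
  }

  # … unchanged: egress and tags …
```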
@@ -0,0 +1,23 @@ +variable "admin-ips" { + description = "A list of ips or cidr blocks that are allowed to connect to the nodes." + type = list(string) +} + +variable "name-prefix" { + default = "tf" + description = "This prefix will be used in all the names of the resources creates in our AWS network." + type = string +} + +variable "subnet-cidr-block" { + default = "10.0.1.0/24" + description = "The address space to be used for this subnet." + type = string +} + +variable "vpc-cidr-block" { + default = "10.0.0.0/16" + description = "The address space to be used for out networks VPC." + type = string +} + diff --git a/modules/aws-nodes/main.tf b/modules/aws-nodes/main.tf index 282a488..a9f0c1e 100644 --- a/modules/aws-nodes/main.tf +++ b/modules/aws-nodes/main.tf @@ -1,8 +1,7 @@ resource "aws_instance" "nodes" { ami = var.ami instance_type = var.ec2-instance-type - # TODO REM double check this key. - # key_name = aws_key_pair.debug1.key_name + # TODO Make this a variable. associate_public_ip_address = true subnet_id = var.subnet-id vpc_security_group_ids = var.security-group-ids diff --git a/modules/aws-nodes/outputs.tf b/modules/aws-nodes/outputs.tf index 0b4fe7c..ac1ae29 100644 --- a/modules/aws-nodes/outputs.tf +++ b/modules/aws-nodes/outputs.tf @@ -2,6 +2,10 @@ output "ips" { value = aws_instance.nodes.*.public_ip } +output "private_ips" { + value = aws_instance.nodes.*.private_ip +} + output "names" { value = aws_instance.nodes.*.tags.Name } diff --git a/variables.tf b/variables.tf index aa13de2..fed0de5 100644 --- a/variables.tf +++ b/variables.tf @@ -1,4 +1,5 @@ variable "admin-ips" { + default = ["0.0.0.0/0"] description = "A list of ips or cidr blocks that are allowed to connect to the nodes." type = list(string) } 
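Review bot: The hunk replaces the old `TODO REM double check this key` / commented `key_name` with `# TODO Make this a variable.` but leaves `associate_public_ip_address = true` hard-coded, so every node still gets a public address even though this same commit adds `private_ips` outputs and switches get-vm-ips.sh to the private-IP output by default. Doing the TODO now is a one-line change here, `associate_public_ip_address = var.associate-public-ip`, plus a `variable "associate-public-ip" { type = bool  default = true }` in the module's variables.tf so existing callers keep today's behaviour. With `key_name` gone, SSH access presumably relies entirely on the cloud-init `user_data`; a comment stating that would save the next reader re-checking whether a key pair was lost. The `aws_instance.nodes` resource continues past the hunk.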
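Review bot: Giving `admin-ips` a default of `["0.0.0.0/0"]` means a plain `terraform apply` with no tfvars now opens 22/tcp to the whole Internet: this list is passed straight into `cidr_blocks` of the ingress rule in modules/aws-network/main.tf, and the nodes are launched with `associate_public_ip_address = true` on an IGW-routed subnet. Before this change the variable had no default, so apply prompted for it — the safer failure mode. Drop the default again (or use `default = []` so nothing is allowed until an operator lists their addresses) and add a `validation` block that rejects the any-address CIDR so it cannot be passed by accident either; the validation is shown below.
```hcl
variable "admin-ips" {
  description = "A list of ips or cidr blocks that are allowed to connect to the nodes."
  type        = list(string)

  # No default on purpose: an unset value must fail at plan time rather than
  # silently expose SSH to the Internet.
  validation {
    condition     = !contains(var.admin-ips, "0.0.0.0/0") && !contains(var.admin-ips, "::/0")
    error_message = "admin-ips must not contain the any-address CIDR; list operator addresses explicitly."
  }
}
```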
@@ -8,6 +9,16 @@ variable "aws-ec2-instance-type" { description = "The AWS instance type to use for all nodes." } +variable "aws-existing-sg-name" { + default = "change-me-if-using-aws-network-existing" + description = "The name of the existing security group when using aws-network-existing." +} + +variable "aws-existing-vpc-name" { + default = "change-me-if-using-aws-network-existing" + description = "The name of the existing VPC when using aws-network-existing." +} + variable "aws-region" { default = "us-east-1" description = "The AWS region to use." @@ -33,6 +44,7 @@ variable "disk-image-pool-name" { } variable "libvirt-connection-url" { + default = "nobody@localhost" description = "The libvirt connection URI, ie. qemu+ssh://@/system" } 
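Review bot: The new `libvirt-connection-url` default `nobody@localhost` is not a libvirt URI — the variable's own description gives the expected shape `qemu+ssh://@/system` — so the libvirt provider will reject it whenever that path is exercised; either leave it without a default or use a real local URI such as `qemu:///system`. The `change-me-if-using-aws-network-existing` placeholders are acceptable because a non-existent VPC or SG name fails the data-source lookup at plan time, but that intent belongs in the description (e.g. `Must be set when using aws-network-existing; the placeholder fails the lookup on purpose.`) so nobody replaces it with a "real" default. The surrounding context also shows `aws-region` still defaulting to `us-east-1` while the AMI defaults later in this file are changed to us-gov-west-1 image IDs, which is a contradiction raised on that hunk.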
@@ -95,31 +107,46 @@ variable "vm-name-prefix" { ################################################################################ variable "amzn2-ami" { - default = "ami-0dd0ccab7e2801812" + # us-east-2 + # default = "ami-0dd0ccab7e2801812" + # us-gov-west-1 + default = "ami-098bf51d9a35299f0" description = "The AMI to use for Amazon Linux 2." } variable "ubuntu-ami" { - default = "ami-06c7d6c0987eaa46c" + # us-east-2 + # default = "ami-06c7d6c0987eaa46c" + # us-gov-west-1 + default = "ami-087ee83c8de303181" description = "The AMI to use for Ubuntu." } variable "centos7-ami" { + # us-east-2 default = "ami-00f8e2c955f7ffa9b" description = "The AMI to use for CentOS 7." } variable "centos8-ami" { + # us-east-2 default = "ami-057cacbfbbb471bb3" description = "The AMI to use for CentOS 8." } variable "arch-ami" { + # us-east-2 default = "ami-02653f06de985e3ba" description = "The AMI to use for Arch Linux." } variable "rhel7-ami" { - default = "ami-0a509b3c2a4d05b3f" + # us-east-2 + # default = "ami-0a509b3c2a4d05b3f" + # us-gov-west-1 + default = "ami-04ccdf5793086ea95" description = "The AMI to use for RHEL 7." } variable "rhel8-ami" { - default = "ami-0d871ca8a77af2948" + # us-east-2 + # default = "ami-0d871ca8a77af2948" + # us-gov-west-1 + default = "ami-0b1f10cd1cd107dd2" description = "The AMI to use for RHEL 8." }
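Review bot: The new defaults for `amzn2-ami`, `ubuntu-ami`, `rhel7-ami` and `rhel8-ami` are us-gov-west-1 image IDs, but `aws-region` (earlier hunk of this file, unchanged) still defaults to `us-east-1`, and AMI IDs are region-scoped, so the default configuration now fails at apply with an invalid-AMI error; move the region default in the same commit, or better, stop pinning IDs per region in two places and let the owner/name filters in modules/aws-amis select the image (presumably through an `aws_ami` data source, which is not in the diff). `centos7-ami`, `centos8-ami` and `arch-ami` keep their us-east-2 IDs while modules/aws-amis/main.tf comments those entries out as unavailable in GovCloud; a comment such as `# Not available in us-gov-west-1; only valid with aws-region = us-east-2` (or removing them) would stop someone selecting them. Pinned IDs also never pick up patched images, so if they are frozen deliberately for reproducibility the comment should say so and record the image date.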