Rebasing.

.gitignore

@@ -0,0 +1,50 @@
+################################################################################
+# Pulled from github/gitignore 2021-11-10 commit 1a84870
+################################################################################
+
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+# Added to original pulled from github/gitignore
+crash*.log
+
+# Exclude all .tfvars files, which are likely to contain sentitive data, such as
+# password, private keys, and other secrets. These should not be part of version
+# control as they are data points which are potentially sensitive and subject
+# to change depending on the environment.
+#
+*.tfvars
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Include override files you do wish to add to version control using negated pattern
+#
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
+
+################################################################################
+# end Pulled from github/gitignore 2021-11-10 commit 1a84870
+################################################################################
+
+k8s-key*
+*admin-key*
+TARTHERE
+inventory
+

.terraform.lock.hcl

@@ -0,0 +1,57 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/dmacvicar/libvirt" {
+  version = "0.6.11"
+  hashes = [
+    "h1:6QzHY/7aNdaaDxJZKygotWnM5uHoS2gs/03CzUCJX60=",
+    "zh:15300a1c3c294eccade4c8a678412d81602ab041dc0a5aab72fee5425d778e89",
+    "zh:1605806de0d3b86b7e94b5d04a7ad9b6ac695781f9672ab6002c23caef43b98e",
+    "zh:21efc5937d89f9ec96bc626d2ce3621c0919b3da97ab63b4e520c37d3f5c7357",
+    "zh:2c143a6909917fd11191447de4c496f084c7da5200beb9f512791a80a1f33e7c",
+    "zh:3ca369718cc49feefc3a6ffa795a9055e60de33989a9f1c72b6db16048a181fa",
+    "zh:71db1d1cf2c06984bba408ad5dc9b4e25285684ee5c530a61583b202cff21b96",
+    "zh:a67adfc988311d34adcc119500c2ef048a45d632b00bb5a15ea6d3ffdc1c3d1c",
+    "zh:a83448cbcc194e3b52af9b89b9273a116082d83f2c966035bf8a8c5d5606ca9c",
+    "zh:a9c5a818dd2606460d4d6f33af7cb387f3e984d631fc233aaec0dda4e0756c2b",
+    "zh:af3263e66cf9138361d6d7408533edd6de8498e67c88cf0084421ae31fe89054",
+    "zh:b9596cb26c1e391172472de4ada9b3b0a08e4777e41327db8e021454cc6aae20",
+    "zh:e28124b9ee0b8c18b6f776eb6523d8935f3072c47cd803ea2f1a06206effaa48",
+    "zh:edd00638d8c088b8a38e7ab8b9e8ab3bd710f7357d0f6b4a38e0028bd49d8460",
+  ]
+}
+
+provider "registry.terraform.io/hashicorp/aws" {
+  version = "3.64.2"
+  hashes = [
+    "h1:oFsgTmmt/eJ8KLo59PSmYu/irUHJiPnQEey0VqaOOck=",
+    "zh:0b029a2282beabfe410eb2969e18ca773d3473415e442be4dc8ce0eb6d1cd8c5",
+    "zh:3209de3266a1138f1ccb09f094fdd98b6f55afc06e291db0abe092ec5dbe7640",
+    "zh:40648266551631cbc15f8a76e80faf300510e3b38c2544d43fc25e37e6802727",
+    "zh:483c8af92ae70146f2790a70c1a810251e7135aa912b66e769c934eddceebe32",
+    "zh:4d106d8d415d8df342f3f85e58c35418e6c55e3cb7f02897f832cefac4dca68c",
+    "zh:972626a6ddb31d5216606d12ab5c30fbf8d51ed2bbe0efcdd7cffa68c1141557",
+    "zh:a230d55ec52b1695148d40296877ee23e0b302e817154f9b838eb117c87b13fa",
+    "zh:c95fddfbd7f870db949da0601323e866e0f0fb0d4a93e96725ae5b88029e84d5",
+    "zh:ea0c7f568074f835f22273c8e7e61e87f5277e32004c72122915fd3c8df49ccc",
+    "zh:f96d25887e6e2d2ae47659e2c586efea2167995b59a479ae65a02b097da86474",
+    "zh:fe7502d8e52d3b5ccb2b3c178e7ea894344783093aa71ffb20e978914c976182",
+  ]
+}
+
+provider "registry.terraform.io/hashicorp/template" {
+  version = "2.2.0"
+  hashes = [
+    "h1:94qn780bi1qjrbC3uQtjJh3Wkfwd5+tTtJHOb7KTg9w=",
+    "zh:01702196f0a0492ec07917db7aaa595843d8f171dc195f4c988d2ffca2a06386",
+    "zh:09aae3da826ba3d7df69efeb25d146a1de0d03e951d35019a0f80e4f58c89b53",
+    "zh:09ba83c0625b6fe0a954da6fbd0c355ac0b7f07f86c91a2a97849140fea49603",
+    "zh:0e3a6c8e16f17f19010accd0844187d524580d9fdb0731f675ffcf4afba03d16",
+    "zh:45f2c594b6f2f34ea663704cc72048b212fe7d16fb4cfd959365fa997228a776",
+    "zh:77ea3e5a0446784d77114b5e851c970a3dde1e08fa6de38210b8385d7605d451",
+    "zh:8a154388f3708e3df5a69122a23bdfaf760a523788a5081976b3d5616f7d30ae",
+    "zh:992843002f2db5a11e626b3fc23dc0c87ad3729b3b3cff08e32ffb3df97edbde",
+    "zh:ad906f4cebd3ec5e43d5cd6dc8f4c5c9cc3b33d2243c89c5fc18f97f7277b51d",
+    "zh:c979425ddb256511137ecd093e23283234da0154b7fa8b21c2687182d9aea8b2",
+  ]
+}

get-vm-ips.sh

@@ -22,6 +22,10 @@ VM_NAME_PREFIX="$(
         tail -n 1 | \
         sed 's/^.*=\s*"\(.*\)"/\1/g')"
 
+PUBLIC_IP_OUTPUT="groups_hostnames_ips"
+PRIVATE_IP_OUTPUT="groups_hostnames_private_ips"
+IP_TYPE="$PRIVATE_IP_OUTPUT"
+
 # This command stores the output data in the format below.
 # [
 #   {
@@ -48,7 +52,7 @@ VM_NAME_PREFIX="$(
 #   }
 # ]
 DATA="$(terraform show -json | \
-    jq '.values.outputs.groups_hostnames_ips.value | to_entries |
+    jq '.values.outputs.'"$IP_TYPE"'.value | to_entries |
         map({group: .key, vms:.value | to_entries |
         map({hostname:.key,ip:.value})})')"
 

main.tf

@@ -2,11 +2,11 @@
 locals {
   nodes-config = {
     "master" = {
-      base-image = var.centos8-ami
+      base-image = var.ubuntu-ami
       num = 1
     },
     "worker" = {
-      base-image = var.centos8-ami
+      base-image = var.ubuntu-ami
       num = 2
     }
   }
@@ -59,7 +59,9 @@ module "cloud-init-config" {
 # }
 
 module "aws-network-existing" {
-  source = "./modules/aws-network-existing"
+  source                      = "./modules/aws-network-existing"
+  default-vpc-name            = var.aws-existing-vpc-name
+  default-security-group-name = var.aws-existing-sg-name
 }
 
 ################################################################################
@@ -79,8 +81,13 @@ module "nodes" {
   source             = "./modules/aws-nodes"
   ami                = each.value.base-image
   ec2-instance-type  = var.aws-ec2-instance-type
+<<<<<<< HEAD
   subnet-id          = module.aws-network.subnet.id
   security-group-ids = [module.aws-network.default-security-group.id]
+=======
+  subnet-id          = module.aws-network-existing.k8s-subnets-ids[0]
+  security-group-ids = [module.aws-network-existing.default-sg.id]
+>>>>>>> gitea
   user-datas         = lookup(module.cloud-init-config, each.key, null).user-datas
   num-nodes          = each.value.num
   name-prefix        = "${var.vm-name-prefix}-${each.key}"
@@ -127,8 +134,21 @@ module "nodes" {
 # end libvirt
 ################################################################################
 
+<<<<<<< HEAD
 # This will output a map of group => [{hostname, ip}].
+=======
+# This will outpus a map of group => [{hostname, ip}].
+>>>>>>> gitea
 # TODO A 'names' output needs to be added to libvirt.
 output "groups_hostnames_ips" {
   value = { for type, node in module.nodes : type => zipmap(node.names, node.ips) }
 }
+<<<<<<< HEAD
+=======
+
+# This will outpus a map of group => [{hostname, private_ip}].
+# TODO Figure out how what to do about private_ips for libvirt.
+output "groups_hostnames_private_ips" {
+  value = { for type, node in module.nodes : type => zipmap(node.names, node.private_ips) }
+}
+>>>>>>> gitea

modules/aws-amis/main.tf

@@ -1,31 +1,52 @@
 locals {
   amis = {
     amzn2 = {
-      owner-id = "137112412989"
+      # us-east-2
+      # owner-id = "137112412989"
+      # us-gov-west-1
+      owner-id = "045324592363"
       name = "amzn2-ami-hvm-2*x86_64-gp2"
     },
     ubuntu = {
-      owner-id = "099720109477"
+      # us-east-2
+      # owner-id = "099720109477"
+      # us-gov-west-1
+      owner-id = "513442679011"
       name = "ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-*"
     },
-    centos7 = {
+    # centos7 = {
-      owner-id = "125523088429"
+    #   # us-east-2
-      name = "CentOS 7.*x86_64"
+    #   # owner-id = "125523088429"
-    },
+    #   # us-gov-west-1
-    centos8 = {
+    #   # owner-id = THERE IS NO CENTOS7 IMAGE in us-gov-west-1!!
-      owner-id = "125523088429"
+    #   name = "CentOS 7.*x86_64"
-      name = "CentOS 8.*x86_64"
+    # },
-    },
+    # centos8 = {
-    arch = {
+    #   # us-east-2
-      owner-id = "093273469852"
+    #   # owner-id = "125523088429"
-      name = "arch-linux-lts-hvm*x86_64-ebs"
+    #   # us-gov-west-1
-    },
+    #   # owner-id = THERE IS NO CENTOS8 IMAGE in us-gov-west-1!!
+    #   name = "CentOS 8.*x86_64"
+    # },
+    # arch = {
+    #   # us-east-2
+    #   # owner-id = "093273469852"
+    #   # us-gov-west-1
+    #   # owner-id = THERE IS NO ARCH IMAGE in us-gov-west-1!!
+    #   name = "arch-linux-lts-hvm*x86_64-ebs"
+    # },
     rhel7 = {
-      owner-id = "309956199498"
+      # us-east-2
+      # owner-id = "309956199498"
+      # us-gov-west-1
+      owner-id = "219670896067"
       name = "RHEL-7.*HVM*x86_64*GP2"
     },
     rhel8 = {
-      owner-id = "309956199498"
+      # us-east-2
+      # owner-id = "309956199498"
+      # us-gov-west-1
+      owner-id = "219670896067"
       name = "RHEL-8.*HVM*x86_64*GP2"
     }
   }

modules/aws-network-existing/main.tf

@@ -21,3 +21,7 @@ data "aws_subnet" "subnets" {
   for_each = toset(data.aws_subnets.subnet-ids.ids)
   id = each.key
 }
+
+data "aws_security_group" "default" {
+  name = var.default-security-group-name
+}

modules/aws-network-existing/outputs.tf

@@ -2,12 +2,16 @@ output "default-vpc" {
   value = data.aws_vpc.default
 }
 
+output "default-sg" {
+  value = data.aws_security_group.default
+}
+
 output "subnets" {
   description = "An array of all subnets in default-vpc."
   value = data.aws_subnet.subnets
 }
 
-output "k8s-subnets" {
+output "k8s-subnets-ids" {
   description = "An array of subnets to be used for k8s VMs. These subnets were chosen by selecting a single subnet from each availability_zone."
   value = [for k,v in local.az-to-subnets : v[0]]
 }

modules/aws-network-existing/variables.tf

@@ -1,4 +1,7 @@
+variable "default-security-group-name" {
+  description = "The name of the existing default security group. This module will query AWS for a security group with this name,"
+}
+
 variable "default-vpc-name" {
   description = "The name of the existing default VPC. This module will query AWS for a VPC with this name,"
-  default = "Managed VPC"
 }

modules/aws-network/main.tf

@@ -0,0 +1,67 @@
+resource "aws_vpc" "vpc" {
+  cidr_block = var.vpc-cidr-block
+  tags = {
+      Name = "${var.name-prefix}-vpc"
+  }
+}
+
+resource "aws_subnet" "subnet" {
+  vpc_id = aws_vpc.vpc.id
+  cidr_block = var.subnet-cidr-block
+  # availability_zone = var.avail_zone
+  tags = {
+      Name = "${var.name-prefix}-subnet"
+  }
+}
+
+resource "aws_default_security_group" "sg" {
+  vpc_id = aws_vpc.vpc.id
+
+  ingress {
+    from_port   = 22
+    to_port     = 22
+    protocol    = "tcp"
+    cidr_blocks = var.admin-ips
+  }
+
+  egress {
+    from_port       = 0
+    to_port         = 0
+    protocol        = "-1"
+    cidr_blocks     = ["0.0.0.0/0"]
+    prefix_list_ids = []
+  }
+
+  tags = {
+    Name = "${var.name-prefix}-ssh-from-admins-sg"
+  }
+}
+
+resource "aws_internet_gateway" "igw" {
+	vpc_id = aws_vpc.vpc.id
+  tags = {
+    Name = "${var.name-prefix}-igw"
+  }
+}
+
+resource "aws_default_route_table" "route-table" {
+   default_route_table_id = aws_vpc.vpc.main_route_table_id
+
+   route {
+     cidr_block = "0.0.0.0/0"
+     gateway_id = aws_internet_gateway.igw.id
+   }
+
+   # default route, mapping VPC CIDR block to "local", created implicitly and
+   # cannot be specified.
+
+   tags = {
+     Name = "${var.name-prefix}-route-table"
+   }
+}
+
+# Associate subnet with Route Table
+resource "aws_route_table_association" "a-rtb-subnet" {
+  subnet_id      = aws_subnet.subnet.id
+  route_table_id = aws_default_route_table.route-table.id
+}

modules/aws-network/outputs.tf

@@ -0,0 +1,11 @@
+output "vpc" {
+  value = aws_vpc.vpc
+}
+
+output "subnet" {
+  value = aws_subnet.subnet
+}
+
+output "default-security-group" {
+  value = aws_default_security_group.sg
+}

modules/aws-network/variables.tf

@@ -0,0 +1,23 @@
+variable "admin-ips" {
+  description = "A list of ips or cidr blocks that are allowed to connect to the nodes."
+  type = list(string)
+}
+
+variable "name-prefix" {
+  default = "tf"
+  description = "This prefix will be used in all the names of the resources creates in our AWS network."
+  type = string
+}
+
+variable "subnet-cidr-block" {
+  default = "10.0.1.0/24"
+  description = "The address space to be used for this subnet."
+  type = string
+}
+
+variable "vpc-cidr-block" {
+  default = "10.0.0.0/16"
+  description = "The address space to be used for out networks VPC."
+  type = string
+}
+

modules/aws-nodes/main.tf

@@ -1,8 +1,7 @@
 resource "aws_instance" "nodes" {
   ami                         = var.ami
   instance_type               = var.ec2-instance-type
-  # TODO REM double check this key.
+  # TODO Make this a variable.
-  # key_name                    = aws_key_pair.debug1.key_name
   associate_public_ip_address = true
   subnet_id                   = var.subnet-id
   vpc_security_group_ids = var.security-group-ids

modules/aws-nodes/outputs.tf

@@ -2,6 +2,10 @@ output "ips" {
   value = aws_instance.nodes.*.public_ip
 }
 
+output "private_ips" {
+  value = aws_instance.nodes.*.private_ip
+}
+
 output "names" {
   value = aws_instance.nodes.*.tags.Name
 }

variables.tf

@@ -1,4 +1,5 @@
 variable "admin-ips" {
+  default = ["0.0.0.0/0"]
   description = "A list of ips or cidr blocks that are allowed to connect to the nodes."
   type = list(string)
 }
@@ -8,6 +9,16 @@ variable "aws-ec2-instance-type" {
   description = "The AWS instance type to use for all nodes."
 }
 
+variable "aws-existing-sg-name" {
+  default = "change-me-if-using-aws-network-existing"
+  description = "The name of the existing security group when using aws-network-existing."
+}
+
+variable "aws-existing-vpc-name" {
+  default = "change-me-if-using-aws-network-existing"
+  description = "The name of the existing VPC when using aws-network-existing."
+}
+
 variable "aws-region" {
   default = "us-east-1"
   description = "The AWS region to use."
@@ -33,6 +44,7 @@ variable "disk-image-pool-name" {
 }
 
 variable "libvirt-connection-url" {
+  default = "nobody@localhost"
   description = "The libvirt connection URI, ie. qemu+ssh://<user>@<host>/system"
 }
 
@@ -95,31 +107,46 @@ variable "vm-name-prefix" {
 ################################################################################
 
 variable "amzn2-ami" {
-  default     = "ami-0dd0ccab7e2801812"
+  # us-east-2
+  # default     = "ami-0dd0ccab7e2801812"
+  # us-gov-west-1
+  default     = "ami-098bf51d9a35299f0"
   description = "The AMI to use for Amazon Linux 2."
 }
 variable "ubuntu-ami" {
-  default = "ami-06c7d6c0987eaa46c"
+  # us-east-2
+  # default = "ami-06c7d6c0987eaa46c"
+  # us-gov-west-1
+  default = "ami-087ee83c8de303181"
   description = "The AMI to use for Ubuntu."
 }
 variable "centos7-ami" {
+  # us-east-2
   default = "ami-00f8e2c955f7ffa9b"
   description = "The AMI to use for CentOS 7."
 }
 variable "centos8-ami" {
+  # us-east-2
   default = "ami-057cacbfbbb471bb3"
   description = "The AMI to use for CentOS 8."
 }
 variable "arch-ami" {
+  # us-east-2
   default = "ami-02653f06de985e3ba"
   description = "The AMI to use for Arch Linux."
 }
 variable "rhel7-ami" {
-  default = "ami-0a509b3c2a4d05b3f"
+  # us-east-2
+  # default = "ami-0a509b3c2a4d05b3f"
+  # us-gov-west-1
+  default = "ami-04ccdf5793086ea95"
   description = "The AMI to use for RHEL 7."
 }
 variable "rhel8-ami" {
-  default = "ami-0d871ca8a77af2948"
+  # us-east-2
+  # default = "ami-0d871ca8a77af2948"
+  # us-gov-west-1
+  default = "ami-0b1f10cd1cd107dd2"
   description = "The AMI to use for RHEL 8."
 }