failing-terraform
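# AWS provider for the whole stack (everything below is in eu-west-1).
#
# Static access_key / secret_key were removed on purpose: even placeholder
# values in a committed file tend to get filled in locally and then pushed,
# and a gist's revision history keeps every version. The provider picks up
# AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY (or a profile from the shared
# credentials file) from the environment, so no key needs to live here.
provider "aws" {
  region = "eu-west-1"
}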
# Create a VPC to launch our instances into
# The VPC every subnet, route table and security group below belongs to.
# 10.0.0.0/16 leaves room for the six /24 subnets carved out further down.
resource "aws_vpc" "default" {
  cidr_block = "10.0.0.0/16"

  tags {
    Name = "docker-test"
  }
}
# Create an internet gateway to give our subnets access to the outside world
# Internet gateway attached to the VPC; the public route table sends
# 0.0.0.0/0 through it and the NAT gateway depends on it.
resource "aws_internet_gateway" "default" {
  vpc_id = "${aws_vpc.default.id}"
}
# Create three public subnets
# Public subnet, AZ a. Hosts the ELBs, the NAT gateway and the bastion.
resource "aws_subnet" "public-1" {
  availability_zone = "eu-west-1a"
  cidr_block        = "10.0.0.0/24"
  vpc_id            = "${aws_vpc.default.id}"

  tags {
    Name = "docker-test-public-1"
  }
}
# Public subnet, AZ b.
resource "aws_subnet" "public-2" {
  availability_zone = "eu-west-1b"
  cidr_block        = "10.0.1.0/24"
  vpc_id            = "${aws_vpc.default.id}"

  tags {
    Name = "docker-test-public-2"
  }
}
# Public subnet, AZ c.
resource "aws_subnet" "public-3" {
  availability_zone = "eu-west-1c"
  cidr_block        = "10.0.2.0/24"
  vpc_id            = "${aws_vpc.default.id}"

  tags {
    Name = "docker-test-public-3"
  }
}
# Route table for the three public subnets: default route via the IGW.
resource "aws_route_table" "public" {
  vpc_id = "${aws_vpc.default.id}"

  tags {
    Name = "Public Subnet"
  }

  route {
    gateway_id = "${aws_internet_gateway.default.id}"
    cidr_block = "0.0.0.0/0"
  }
}
# Bind public-1 to the public route table.
resource "aws_route_table_association" "public-1" {
  route_table_id = "${aws_route_table.public.id}"
  subnet_id      = "${aws_subnet.public-1.id}"
}
# Bind public-2 to the public route table.
resource "aws_route_table_association" "public-2" {
  route_table_id = "${aws_route_table.public.id}"
  subnet_id      = "${aws_subnet.public-2.id}"
}
# Bind public-3 to the public route table.
resource "aws_route_table_association" "public-3" {
  route_table_id = "${aws_route_table.public.id}"
  subnet_id      = "${aws_subnet.public-3.id}"
}
# Create three private subnets
# Private subnet, AZ a. The consul/nomad auto scaling groups launch here.
resource "aws_subnet" "private-1" {
  availability_zone = "eu-west-1a"
  cidr_block        = "10.0.3.0/24"
  vpc_id            = "${aws_vpc.default.id}"

  tags {
    Name = "docker-test-private-1"
  }
}
# Private subnet, AZ b.
resource "aws_subnet" "private-2" {
  availability_zone = "eu-west-1b"
  cidr_block        = "10.0.4.0/24"
  vpc_id            = "${aws_vpc.default.id}"

  tags {
    Name = "docker-test-private-2"
  }
}
# Private subnet, AZ c.
resource "aws_subnet" "private-3" {
  availability_zone = "eu-west-1c"
  cidr_block        = "10.0.5.0/24"
  vpc_id            = "${aws_vpc.default.id}"

  tags {
    Name = "docker-test-private-3"
  }
}
# Create a NAT gateway for the private subnets to access the internet
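# Elastic IP consumed by the NAT gateway below.
# A NAT gateway requires an address allocated in the VPC domain. With no
# `vpc` flag the provider asks for the account default, which in accounts
# that still have EC2-Classic is a classic address the gateway cannot use --
# a plausible reason for this configuration failing to apply.
resource "aws_eip" "nat" {
  vpc = true
}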
# Single NAT gateway in public-1 (AZ a). All three private subnets route
# through it, so outbound from AZ b/c crosses zones and shares one point of
# failure -- fine for a test stack, worth knowing about.
resource "aws_nat_gateway" "default" {
  subnet_id     = "${aws_subnet.public-1.id}"
  allocation_id = "${aws_eip.nat.id}"

  # The IGW must exist before the NAT gateway can pass traffic.
  depends_on = ["aws_internet_gateway.default"]
}
# Route table for the three private subnets: default route via the NAT gateway.
resource "aws_route_table" "private" {
  vpc_id = "${aws_vpc.default.id}"

  tags {
    Name = "Private Subnet"
  }

  route {
    nat_gateway_id = "${aws_nat_gateway.default.id}"
    cidr_block     = "0.0.0.0/0"
  }
}
# Bind private-1 to the private route table.
resource "aws_route_table_association" "private-1" {
  route_table_id = "${aws_route_table.private.id}"
  subnet_id      = "${aws_subnet.private-1.id}"
}
# Bind private-2 to the private route table.
resource "aws_route_table_association" "private-2" {
  route_table_id = "${aws_route_table.private.id}"
  subnet_id      = "${aws_subnet.private-2.id}"
}
# Bind private-3 to the private route table.
resource "aws_route_table_association" "private-3" {
  route_table_id = "${aws_route_table.private.id}"
  subnet_id      = "${aws_subnet.private-3.id}"
}
# A security group that makes the instances accessible to each other within the private subnets
# Security group attached to every ELB and every launch configuration below
# (consul_server, nomad_server, nomad_client all reference it).
#
# NOTE(review): the heading above is not what the rules do. Ingress admits
# every port and protocol from 0.0.0.0/0, and the same group sits on the
# internet-facing ELBs, so nothing here restricts access to "within the
# private subnets" -- the Consul HTTP API (8500) and Nomad API (4646) listed
# on the ELBs are reachable by anyone with the DNS name. The usual fix is two
# groups: one for the ELBs allowing only the listener ports, and one for the
# instances allowing the VPC CIDR / the ELB group / `self`. Left as-is here
# because which ports are meant to be public cannot be determined from this
# file; confirm with the author before narrowing.
resource "aws_security_group" "consul" {
vpc_id = "${aws_vpc.default.id}"
# Inbound: all ports, all protocols, from anywhere (see note above).
ingress {
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
}
# Outbound: unrestricted (the AWS default when no egress block is given).
egress {
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
}
}
# Consul Server
# Classic ELB in the public subnets fronting the Consul server ASG.
# Both listeners are plain HTTP end to end; 8500 is the Consul HTTP API/UI,
# so anything that can reach this ELB can read (and, unless ACLs are enabled
# on the servers -- not visible here) write the catalog and KV store.
resource "aws_elb" "consul_server" {
  subnets = [
    "${aws_subnet.public-1.id}",
    "${aws_subnet.public-2.id}",
    "${aws_subnet.public-3.id}",
  ]
  security_groups = ["${aws_security_group.consul.id}"]

  listener {
    lb_port           = 80
    lb_protocol       = "http"
    instance_port     = 80
    instance_protocol = "http"
  }

  listener {
    lb_port           = 8500
    lb_protocol       = "http"
    instance_port     = 8500
    instance_protocol = "http"
  }
}
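# Consul server ASG: a fixed set of three instances spread across the three
# private subnets and registered with the consul_server ELB.
#
# `availability_zones` was dropped. With vpc_zone_identifier set the ASG's
# zones are derived from the subnets, and the provider documents the two
# arguments as conflicting; listing both only adds a way for the config to
# fail if the lists ever disagree.
resource "aws_autoscaling_group" "consul_server" {
  vpc_zone_identifier = [
    "${aws_subnet.private-1.id}",
    "${aws_subnet.private-2.id}",
    "${aws_subnet.private-3.id}",
  ]
  launch_configuration = "${aws_launch_configuration.consul_server.name}"
  load_balancers       = ["${aws_elb.consul_server.name}"]

  min_size         = 3
  max_size         = 3
  desired_capacity = 3

  # Destroy the group without waiting for its instances to drain.
  force_delete = true

  # "EC2": an instance is only replaced when the VM itself is unhealthy, not
  # when the ELB health check fails. "ELB" would also replace instances whose
  # Consul process has died; kept as the author wrote it.
  health_check_type = "EC2"

  tag {
    key                 = "Name"
    value               = "consul_server"
    propagate_at_launch = true
  }

  tag {
    key                 = "consul"
    value               = "server"
    propagate_at_launch = true
  }

  tag {
    key                 = "role"
    value               = "consul-server"
    propagate_at_launch = true
  }
}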
# Launch configuration for the Consul servers.
# The AMI id is region-specific (eu-west-1); what it contains is not
# visible from this file. The "consul_server" key pair is shared by every
# instance type in the stack, bastion included.
resource "aws_launch_configuration" "consul_server" {
  instance_type   = "t2.micro"
  image_id        = "ami-541bf62d"
  key_name        = "consul_server"
  security_groups = ["${aws_security_group.consul.id}"]
}
# Public DNS name for the Consul ELB.
resource "aws_route53_record" "consul_server_test" {
  name    = "consul-test.gojip2p.net"
  zone_id = "Z1YPLMEPAU5NOO"
  type    = "CNAME"
  records = ["${aws_elb.consul_server.dns_name}"]
  ttl     = 300
}
# Nomad Server
# Classic ELB in the public subnets fronting the Nomad server ASG.
# 4646 is the Nomad HTTP API, exposed over plain HTTP here; job submission
# goes through this port, so reachability of the ELB is effectively control
# of the cluster unless the servers enforce ACLs (not visible in this file).
resource "aws_elb" "nomad_server" {
  subnets = [
    "${aws_subnet.public-1.id}",
    "${aws_subnet.public-2.id}",
    "${aws_subnet.public-3.id}",
  ]
  security_groups = ["${aws_security_group.consul.id}"]

  listener {
    lb_port           = 4646
    lb_protocol       = "http"
    instance_port     = 4646
    instance_protocol = "http"
  }
}
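# Nomad server ASG: three instances across the private subnets, registered
# with the nomad_server ELB.
#
# `availability_zones` was dropped for the same reason as on the other
# groups: vpc_zone_identifier already fixes the zones and the provider
# documents the two arguments as conflicting.
resource "aws_autoscaling_group" "nomad_server" {
  vpc_zone_identifier = [
    "${aws_subnet.private-1.id}",
    "${aws_subnet.private-2.id}",
    "${aws_subnet.private-3.id}",
  ]
  launch_configuration = "${aws_launch_configuration.nomad_server.name}"
  load_balancers       = ["${aws_elb.nomad_server.name}"]

  min_size         = 3
  max_size         = 3
  desired_capacity = 3

  # Destroy the group without waiting for its instances to drain.
  force_delete = true

  # EC2-level health only; ELB health-check failures do not trigger replacement.
  health_check_type = "EC2"

  tag {
    key                 = "Name"
    value               = "nomad_server_asg"
    propagate_at_launch = true
  }

  # NOTE(review): consul=server on the Nomad servers presumably means they
  # also run Consul in server mode -- confirm, since it is not derivable here.
  tag {
    key                 = "consul"
    value               = "server"
    propagate_at_launch = true
  }

  tag {
    key                 = "nomad"
    value               = "server"
    propagate_at_launch = true
  }

  tag {
    key                 = "role"
    value               = "nomad-server"
    propagate_at_launch = true
  }
}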
# Launch configuration for the Nomad servers (region-specific AMI, shared key pair).
resource "aws_launch_configuration" "nomad_server" {
  instance_type   = "t2.micro"
  image_id        = "ami-0a6c8773"
  key_name        = "consul_server"
  security_groups = ["${aws_security_group.consul.id}"]
}
# Public DNS name for the Nomad server ELB.
resource "aws_route53_record" "nomad_server_test" {
  name    = "nomad-test.gojip2p.net"
  zone_id = "Z1YPLMEPAU5NOO"
  type    = "CNAME"
  records = ["${aws_elb.nomad_server.dns_name}"]
  ttl     = 300
}
# Nomad Client
# Classic ELB in the public subnets fronting the Nomad client ASG, i.e. the
# workloads themselves (80 and 8080, plain HTTP).
resource "aws_elb" "nomad_client" {
  security_groups = ["${aws_security_group.consul.id}"]
  subnets = [
    "${aws_subnet.public-1.id}",
    "${aws_subnet.public-2.id}",
    "${aws_subnet.public-3.id}",
  ]

  listener {
    lb_port           = 80
    lb_protocol       = "http"
    instance_port     = 80
    instance_protocol = "http"
  }

  listener {
    lb_port           = 8080
    lb_protocol       = "http"
    instance_port     = 8080
    instance_protocol = "http"
  }
}
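# Nomad client ASG: three t2.medium workers across the private subnets,
# registered with the nomad_client ELB.
#
# `availability_zones` was dropped for the same reason as on the other
# groups: vpc_zone_identifier already fixes the zones and the provider
# documents the two arguments as conflicting.
resource "aws_autoscaling_group" "nomad_client" {
  vpc_zone_identifier = [
    "${aws_subnet.private-1.id}",
    "${aws_subnet.private-2.id}",
    "${aws_subnet.private-3.id}",
  ]
  launch_configuration = "${aws_launch_configuration.nomad_client.name}"
  load_balancers       = ["${aws_elb.nomad_client.name}"]

  min_size         = 3
  max_size         = 3
  desired_capacity = 3

  # Destroy the group without waiting for its instances to drain.
  force_delete = true

  # EC2-level health only; ELB health-check failures do not trigger replacement.
  health_check_type = "EC2"

  tag {
    key                 = "Name"
    value               = "nomad_client_asg"
    propagate_at_launch = true
  }

  # NOTE(review): consul=server on the *client* group looks copied from the
  # server groups; if the tag drives Consul's server/agent role on boot this
  # would add three more voters. Kept verbatim -- confirm with the bootstrap
  # scripts, which are not in this file.
  tag {
    key                 = "consul"
    value               = "server"
    propagate_at_launch = true
  }

  tag {
    key                 = "nomad"
    value               = "client"
    propagate_at_launch = true
  }

  tag {
    key                 = "role"
    value               = "nomad-client"
    propagate_at_launch = true
  }
}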
# Launch configuration for the Nomad clients: a larger instance than the
# servers since this is where jobs actually run.
resource "aws_launch_configuration" "nomad_client" {
  instance_type   = "t2.medium"
  image_id        = "ami-cdb042b4"
  key_name        = "consul_server"
  security_groups = ["${aws_security_group.consul.id}"]
}
# Public DNS name for the Nomad client (workload) ELB.
resource "aws_route53_record" "docker_test" {
  name    = "docker-test.gojip2p.net"
  zone_id = "Z1YPLMEPAU5NOO"
  type    = "CNAME"
  records = ["${aws_elb.nomad_client.dns_name}"]
  ttl     = 300
}
# Bastion server in a public subnet to allow ssh access to all the other servers
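# Security group for the bastion host.
# The bastion exists to provide SSH access (heading above), so ingress is
# limited to tcp/22 instead of every port and protocol -- the original rule
# left the whole host open to the internet. The source stays 0.0.0.0/0 so
# this change works on its own; narrow it to the operator network before
# relying on it, e.g. `cidr_blocks = ["<admin-cidr>"]`.
resource "aws_security_group" "bastion" {
  vpc_id = "${aws_vpc.default.id}"

  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # Outbound unrestricted: the bastion must reach SSH on the private subnets
  # (and the world for package updates).
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}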
# Single bastion instance in public-1 with a public IP; SSH into the
# private subnets goes through it. Uses the same key pair as every ASG, so
# one key reaches every host in the stack.
resource "aws_instance" "bastion" {
  ami           = "ami-86f318ff"
  instance_type = "t2.micro"
  key_name      = "consul_server"

  subnet_id                   = "${aws_subnet.public-1.id}"
  associate_public_ip_address = true
  vpc_security_group_ids      = ["${aws_security_group.bastion.id}"]

  tags = {
    role = "bastion"
  }
}
# Public DNS name for the bastion. An A record pointing at the instance's
# public IP, which changes if the instance is replaced (no EIP in this file).
resource "aws_route53_record" "bastion_test" {
  name    = "bastion-test.gojip2p.net"
  zone_id = "Z1YPLMEPAU5NOO"
  type    = "A"
  records = ["${aws_instance.bastion.public_ip}"]
  ttl     = 300
}