Created
August 15, 2017 10:09
-
-
Save davidgenn/3db8f6d44ca7436d0764e78fafe12f63 to your computer and use it in GitHub Desktop.
failing-terraform
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| provider "aws" { | |
| access_key = "<access-key>" | |
| secret_key = "<secret-key>" | |
| region = "eu-west-1" | |
| } | |
| # Create a VPC to launch our instances into | |
| resource "aws_vpc" "default" { | |
| cidr_block = "10.0.0.0/16" | |
| tags { | |
| Name = "docker-test" | |
| } | |
| } | |
| # Create an internet gateway to give our subnets access to the outside world | |
| resource "aws_internet_gateway" "default" { | |
| vpc_id = "${aws_vpc.default.id}" | |
| } | |
| # Create three public subnets | |
| resource "aws_subnet" "public-1" { | |
| vpc_id = "${aws_vpc.default.id}" | |
| cidr_block = "10.0.0.0/24" | |
| availability_zone = "eu-west-1a" | |
| tags { | |
| Name = "docker-test-public-1" | |
| } | |
| } | |
| resource "aws_subnet" "public-2" { | |
| vpc_id = "${aws_vpc.default.id}" | |
| cidr_block = "10.0.1.0/24" | |
| availability_zone = "eu-west-1b" | |
| tags { | |
| Name = "docker-test-public-2" | |
| } | |
| } | |
| resource "aws_subnet" "public-3" { | |
| vpc_id = "${aws_vpc.default.id}" | |
| cidr_block = "10.0.2.0/24" | |
| availability_zone = "eu-west-1c" | |
| tags { | |
| Name = "docker-test-public-3" | |
| } | |
| } | |
| resource "aws_route_table" "public" { | |
| vpc_id = "${aws_vpc.default.id}" | |
| route { | |
| cidr_block = "0.0.0.0/0" | |
| gateway_id = "${aws_internet_gateway.default.id}" | |
| } | |
| tags { | |
| Name = "Public Subnet" | |
| } | |
| } | |
| resource "aws_route_table_association" "public-1" { | |
| subnet_id = "${aws_subnet.public-1.id}" | |
| route_table_id = "${aws_route_table.public.id}" | |
| } | |
| resource "aws_route_table_association" "public-2" { | |
| subnet_id = "${aws_subnet.public-2.id}" | |
| route_table_id = "${aws_route_table.public.id}" | |
| } | |
| resource "aws_route_table_association" "public-3" { | |
| subnet_id = "${aws_subnet.public-3.id}" | |
| route_table_id = "${aws_route_table.public.id}" | |
| } | |
| # Create three private subnets | |
| resource "aws_subnet" "private-1" { | |
| vpc_id = "${aws_vpc.default.id}" | |
| cidr_block = "10.0.3.0/24" | |
| availability_zone = "eu-west-1a" | |
| tags { | |
| Name = "docker-test-private-1" | |
| } | |
| } | |
| resource "aws_subnet" "private-2" { | |
| vpc_id = "${aws_vpc.default.id}" | |
| cidr_block = "10.0.4.0/24" | |
| availability_zone = "eu-west-1b" | |
| tags { | |
| Name = "docker-test-private-2" | |
| } | |
| } | |
| resource "aws_subnet" "private-3" { | |
| vpc_id = "${aws_vpc.default.id}" | |
| cidr_block = "10.0.5.0/24" | |
| availability_zone = "eu-west-1c" | |
| tags { | |
| Name = "docker-test-private-3" | |
| } | |
| } | |
| # Create a NAT gateway for the private subnets to access the internet | |
| resource "aws_eip" "nat" { | |
| } | |
| resource "aws_nat_gateway" "default" { | |
| allocation_id = "${aws_eip.nat.id}" | |
| subnet_id = "${aws_subnet.public-1.id}" | |
| depends_on = ["aws_internet_gateway.default"] | |
| } | |
| resource "aws_route_table" "private" { | |
| vpc_id = "${aws_vpc.default.id}" | |
| route { | |
| cidr_block = "0.0.0.0/0" | |
| nat_gateway_id = "${aws_nat_gateway.default.id}" | |
| } | |
| tags { | |
| Name = "Private Subnet" | |
| } | |
| } | |
| resource "aws_route_table_association" "private-1" { | |
| subnet_id = "${aws_subnet.private-1.id}" | |
| route_table_id = "${aws_route_table.private.id}" | |
| } | |
| resource "aws_route_table_association" "private-2" { | |
| subnet_id = "${aws_subnet.private-2.id}" | |
| route_table_id = "${aws_route_table.private.id}" | |
| } | |
| resource "aws_route_table_association" "private-3" { | |
| subnet_id = "${aws_subnet.private-3.id}" | |
| route_table_id = "${aws_route_table.private.id}" | |
| } | |
| # A security group that makes the instances accessible to each other within the private subnets | |
| resource "aws_security_group" "consul" { | |
| vpc_id = "${aws_vpc.default.id}" | |
| ingress { | |
| from_port = 0 | |
| to_port = 0 | |
| protocol = "-1" | |
| cidr_blocks = ["0.0.0.0/0"] | |
| } | |
| egress { | |
| from_port = 0 | |
| to_port = 0 | |
| protocol = "-1" | |
| cidr_blocks = ["0.0.0.0/0"] | |
| } | |
| } | |
| # Consul Server | |
| resource "aws_elb" "consul_server" { | |
| security_groups = ["${aws_security_group.consul.id}"] | |
| subnets = ["${aws_subnet.public-1.id}", "${aws_subnet.public-2.id}", "${aws_subnet.public-3.id}"] | |
| listener { | |
| instance_port = 80 | |
| instance_protocol = "http" | |
| lb_port = 80 | |
| lb_protocol = "http" | |
| } | |
| listener { | |
| instance_port = 8500 | |
| instance_protocol = "http" | |
| lb_port = 8500 | |
| lb_protocol = "http" | |
| } | |
| } | |
| resource "aws_autoscaling_group" "consul_server" { | |
| availability_zones = ["eu-west-1a", "eu-west-1b", "eu-west-1c"] | |
| max_size = "3" | |
| min_size = "3" | |
| desired_capacity = "3" | |
| force_delete = true | |
| vpc_zone_identifier = ["${aws_subnet.private-1.id}", "${aws_subnet.private-2.id}", "${aws_subnet.private-3.id}"] | |
| launch_configuration = "${aws_launch_configuration.consul_server.name}" | |
| load_balancers = ["${aws_elb.consul_server.name}"] | |
| health_check_type = "EC2" | |
| tag { | |
| key = "Name" | |
| value = "consul_server" | |
| propagate_at_launch = "true" | |
| } | |
| tag { | |
| key = "consul" | |
| value = "server" | |
| propagate_at_launch = "true" | |
| } | |
| tag { | |
| key = "role" | |
| value = "consul-server" | |
| propagate_at_launch = "true" | |
| } | |
| } | |
| resource "aws_launch_configuration" "consul_server" { | |
| image_id = "ami-541bf62d" | |
| instance_type = "t2.micro" | |
| security_groups = ["${aws_security_group.consul.id}"] | |
| key_name = "consul_server" | |
| } | |
| resource "aws_route53_record" "consul_server_test" { | |
| zone_id = "Z1YPLMEPAU5NOO" | |
| name = "consul-test.gojip2p.net" | |
| type = "CNAME" | |
| ttl = "300" | |
| records = ["${aws_elb.consul_server.dns_name}"] | |
| } | |
| # Nomad Server | |
| resource "aws_elb" "nomad_server" { | |
| security_groups = ["${aws_security_group.consul.id}"] | |
| subnets = ["${aws_subnet.public-1.id}", "${aws_subnet.public-2.id}", "${aws_subnet.public-3.id}"] | |
| listener { | |
| instance_port = 4646 | |
| instance_protocol = "http" | |
| lb_port = 4646 | |
| lb_protocol = "http" | |
| } | |
| } | |
| resource "aws_autoscaling_group" "nomad_server" { | |
| availability_zones = ["eu-west-1a", "eu-west-1b", "eu-west-1c"] | |
| vpc_zone_identifier = ["${aws_subnet.private-1.id}", "${aws_subnet.private-2.id}", "${aws_subnet.private-3.id}"] | |
| max_size = "3" | |
| min_size = "3" | |
| desired_capacity = "3" | |
| force_delete = true | |
| launch_configuration = "${aws_launch_configuration.nomad_server.name}" | |
| load_balancers = ["${aws_elb.nomad_server.name}"] | |
| health_check_type = "EC2" | |
| tag { | |
| key = "Name" | |
| value = "nomad_server_asg" | |
| propagate_at_launch = "true" | |
| } | |
| tag { | |
| key = "consul" | |
| value = "server" | |
| propagate_at_launch = "true" | |
| } | |
| tag { | |
| key = "nomad" | |
| value = "server" | |
| propagate_at_launch = "true" | |
| } | |
| tag { | |
| key = "role" | |
| value = "nomad-server" | |
| propagate_at_launch = "true" | |
| } | |
| } | |
| resource "aws_launch_configuration" "nomad_server" { | |
| image_id = "ami-0a6c8773" | |
| instance_type = "t2.micro" | |
| security_groups = ["${aws_security_group.consul.id}"] | |
| key_name = "consul_server" | |
| } | |
| resource "aws_route53_record" "nomad_server_test" { | |
| zone_id = "Z1YPLMEPAU5NOO" | |
| name = "nomad-test.gojip2p.net" | |
| type = "CNAME" | |
| ttl = "300" | |
| records = ["${aws_elb.nomad_server.dns_name}"] | |
| } | |
| # Nomad Client | |
| resource "aws_elb" "nomad_client" { | |
| subnets = ["${aws_subnet.public-1.id}", "${aws_subnet.public-2.id}", "${aws_subnet.public-3.id}"] | |
| security_groups = ["${aws_security_group.consul.id}"] | |
| listener { | |
| instance_port = 80 | |
| instance_protocol = "http" | |
| lb_port = 80 | |
| lb_protocol = "http" | |
| } | |
| listener { | |
| instance_port = 8080 | |
| instance_protocol = "http" | |
| lb_port = 8080 | |
| lb_protocol = "http" | |
| } | |
| } | |
| resource "aws_autoscaling_group" "nomad_client" { | |
| availability_zones = ["eu-west-1a", "eu-west-1b", "eu-west-1c"] | |
| vpc_zone_identifier = ["${aws_subnet.private-1.id}", "${aws_subnet.private-2.id}", "${aws_subnet.private-3.id}"] | |
| max_size = "3" | |
| min_size = "3" | |
| desired_capacity = "3" | |
| force_delete = true | |
| launch_configuration = "${aws_launch_configuration.nomad_client.name}" | |
| load_balancers = ["${aws_elb.nomad_client.name}"] | |
| health_check_type = "EC2" | |
| tag { | |
| key = "Name" | |
| value = "nomad_client_asg" | |
| propagate_at_launch = "true" | |
| } | |
| tag { | |
| key = "consul" | |
| value = "server" | |
| propagate_at_launch = "true" | |
| } | |
| tag { | |
| key = "nomad" | |
| value = "client" | |
| propagate_at_launch = "true" | |
| } | |
| tag { | |
| key = "role" | |
| value = "nomad-client" | |
| propagate_at_launch = "true" | |
| } | |
| } | |
| resource "aws_launch_configuration" "nomad_client" { | |
| image_id = "ami-cdb042b4" | |
| instance_type = "t2.medium" | |
| security_groups = ["${aws_security_group.consul.id}"] | |
| key_name = "consul_server" | |
| } | |
| resource "aws_route53_record" "docker_test" { | |
| zone_id = "Z1YPLMEPAU5NOO" | |
| name = "docker-test.gojip2p.net" | |
| type = "CNAME" | |
| ttl = "300" | |
| records = ["${aws_elb.nomad_client.dns_name}"] | |
| } | |
| # Bastion server in a public subnet to allow ssh access to all the other servers | |
| resource "aws_security_group" "bastion" { | |
| vpc_id = "${aws_vpc.default.id}" | |
| ingress { | |
| from_port = 0 | |
| to_port = 0 | |
| protocol = "-1" | |
| cidr_blocks = ["0.0.0.0/0"] | |
| } | |
| egress { | |
| from_port = 0 | |
| to_port = 0 | |
| protocol = "-1" | |
| cidr_blocks = ["0.0.0.0/0"] | |
| } | |
| } | |
| resource "aws_instance" "bastion" { | |
| instance_type = "t2.micro" | |
| ami = "ami-86f318ff" | |
| key_name = "consul_server" | |
| vpc_security_group_ids = ["${aws_security_group.bastion.id}"] | |
| subnet_id = "${aws_subnet.public-1.id}" | |
| associate_public_ip_address = true | |
| tags = { | |
| role = "bastion" | |
| } | |
| } | |
| resource "aws_route53_record" "bastion_test" { | |
| zone_id = "Z1YPLMEPAU5NOO" | |
| name = "bastion-test.gojip2p.net" | |
| type = "A" | |
| ttl = "300" | |
| records = ["${aws_instance.bastion.public_ip}"] | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment