From my dotfmp talk: a simple Terraform starter template for "FMS For Linux (Preview – not for production)" on AWS; all setup is done via remote-exec only
# Input variables. Values are supplied from terraform.tfvars (companion file);
# none of them has a default, so terraform prompts for anything left unset.
variable "provider_profile" {
  type        = string
  description = "Shared-credentials profile used by the aws provider"
}

variable "provider_region" {
  type        = string
  description = "AWS region to deploy into"
}

variable "instance_type" {
  type        = string
  description = "EC2 instance type for the FileMaker Server host"
}

variable "ssh_source_ips" {
  type        = list(string)
  description = "CIDR blocks allowed to reach port 22 on the server"
}

variable "ami_id" {
  type        = string
  description = "AMI to launch; the remote-exec steps assume an EL7-style image with a 'centos' login user"
}

variable "key" {
  type        = tuple([string, string])
  description = "[EC2 key pair name, local path to the matching private key file]"
}

variable "dns_name" {
  type        = string
  description = "FQDN of the server; used for the Route 53 record and the Let's Encrypt certificate"
}

variable "zone_id" {
  type        = string
  description = "Route 53 hosted zone that dns_name belongs to"
}

variable "cert_email" {
  type        = string
  description = "Contact e-mail passed to certbot (-m) when registering with Let's Encrypt"
}

variable "fmsadmin_user" {
  type        = string
  description = "FileMaker Server admin user name"
}

# The two values below are secrets. They are interpolated into command lines
# inside remote-exec, so they show up in the apply output. Terraform >= 0.14
# can additionally flag them with `sensitive = true`.
variable "fmsadmin_pass" {
  type        = string
  description = "FileMaker Server admin password"
}

variable "fmsadmin_pin" {
  type        = string
  description = "PIN passed to `fmsadmin resetpw -z` when setting the admin password"
}

variable "installer_url" {
  type        = string
  description = "URL of the FileMaker Server .rpm that the instance downloads with wget"
}
# AWS provider; credentials are taken from the named shared-credentials profile.
provider "aws" {
  region  = var.provider_region
  profile = var.provider_profile
}
# Static public address for the server. It is its own resource, so the DNS
# record below can point at it independently of the instance lifecycle.
resource "aws_eip" "fms_ip" {
}
# A record mapping dns_name to the Elastic IP. The remote-exec certbot step
# depends on this record existing (and resolving) before it runs.
resource "aws_route53_record" "dns_record" {
  zone_id = var.zone_id
  name    = var.dns_name
  type    = "A"
  ttl     = 300
  records = [aws_eip.fms_ip.public_ip]
}
# The FileMaker Server host. Deliberately carries no provisioner: all setup
# runs from aws_eip_association below, once the public IP is attached.
resource "aws_instance" "fmserver" {
  ami           = var.ami_id
  instance_type = var.instance_type
  key_name      = var.key[0]

  # NOTE(review): `security_groups` takes group *names*, which the AWS
  # provider only supports in the default VPC; a custom VPC needs
  # `vpc_security_group_ids` with the group id instead.
  security_groups = [aws_security_group.ssh_fms_in_all_egress.name]
}
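# Source CIDRs allowed to reach the FileMaker client port (5003) and HTTPS
# (443). The default is the whole internet, which keeps the original
# template's behaviour; narrow it in terraform.tfvars (for example to the
# same list as ssh_source_ips) unless the server really has to be public.
variable "fms_source_ips" {
  type        = list(string)
  description = "CIDR blocks allowed to reach ports 5003 and 443"
  default     = ["0.0.0.0/0"]
}

# Inbound: SSH (ssh_source_ips), FileMaker client port and HTTPS
# (fms_source_ips), HTTP (public, needed for certificate issuance).
# Outbound: everything, so the instance can fetch packages and the installer.
resource "aws_security_group" "ssh_fms_in_all_egress" {
  name        = "ssh_fms"
  description = "Allow for SSH and FMS access"

  ingress {
    description = "SSH, used by the remote-exec provisioner"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = var.ssh_source_ips
  }

  ingress {
    description = "FileMaker client port"
    from_port   = 5003
    to_port     = 5003
    protocol    = "tcp"
    cidr_blocks = var.fms_source_ips
  }

  # Port 80 must stay reachable from the internet: `certbot --standalone`
  # (see the remote-exec step) answers the Let's Encrypt HTTP-01 challenge
  # there. It is only needed while a certificate is being issued or renewed.
  ingress {
    description = "HTTP, required for the Let's Encrypt HTTP-01 challenge"
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    description = "HTTPS"
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = var.fms_source_ips
  }

  egress {
    description = "All outbound traffic"
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}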
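# Attaches the Elastic IP to the instance and, once that is done, performs the
# whole server setup over SSH. The provisioner lives here rather than on the
# instance because the SSH connection targets the EIP, which has to be
# attached first.
resource "aws_eip_association" "assoc_and_setup" {
  instance_id   = aws_instance.fmserver.id
  allocation_id = aws_eip.fms_ip.id

  # certbot validates dns_name over HTTP, so the A record must exist first.
  # Resolver propagation is not guaranteed by the time certbot runs; a failure
  # in that step usually means the name did not resolve yet.
  depends_on = [aws_route53_record.dns_record]

  provisioner "remote-exec" {
    # The inline commands are executed as one shell script on the instance.
    # Secrets caveat: fmsadmin_pass and fmsadmin_pin are passed as command-line
    # arguments, so they appear in the apply log and, while the commands run,
    # in the instance's process list.
    inline = [
      # Stop at the first failing command instead of continuing with a
      # half-installed server (e.g. a failed wget followed by a yum install of
      # a missing rpm and a restart of a server that was never configured).
      "set -e",
      "sudo yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm -y",
      "sudo yum install certbot -y",
      # Standalone HTTP-01 challenge: port 80 must be reachable from the
      # internet and free, which it is because FMS is installed afterwards.
      "sudo certbot certonly --standalone -d ${var.dns_name} -m ${var.cert_email} --agree-tos -n",
      "sudo yum install wget -y",
      # The installer is fetched without any integrity check; pin a known
      # checksum or host the rpm yourself before using this beyond a demo.
      "wget ${var.installer_url}",
      "sudo yum install filemaker_server*.rpm -y",
      # Wait until the fmshelper unit reports SubState=running before calling
      # fmsadmin. The command substitution is quoted so that an empty result is
      # still a single (empty) operand for `-z`.
      join("", [
        "sleep 25; ",
        "while [ -z \"$(systemctl show fmshelper -p SubState | grep 'SubState=running')\" ]; ",
        "do echo 'Waiting for FMS to be ready...'; sleep 2; done",
      ]),
      "fmsadmin resetpw -p ${var.fmsadmin_pass} -z ${var.fmsadmin_pin}",
      # Import the Let's Encrypt certificate into FMS. The whole command is
      # wrapped in single quotes, so a user name or password containing ' or
      # other shell metacharacters breaks it.
      join("", [
        "sudo sh -c 'fmsadmin certificate import $(realpath /etc/letsencrypt/live/${var.dns_name}/cert.pem) ",
        "--keyfile $(realpath /etc/letsencrypt/live/${var.dns_name}/privkey.pem) ",
        "--intermediateCA $(realpath /etc/letsencrypt/live/${var.dns_name}/fullchain.pem) ",
        "-y -u ${var.fmsadmin_user} -p ${var.fmsadmin_pass}'",
      ]),
      "fmsadmin restart server -y -u ${var.fmsadmin_user} -p ${var.fmsadmin_pass}",
    ]

    connection {
      type        = "ssh"
      user        = "centos"
      private_key = file(var.key[1])
      host        = aws_eip.fms_ip.public_ip
    }
  }
}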
# Convenience step: once setup has finished, launch the FileMaker client on
# the machine running terraform and open the sample database. `open` is the
# macOS launcher, so this only works from a Mac; the step can simply be
# removed elsewhere.
resource "null_resource" "open_fm" {
  depends_on = [aws_eip_association.assoc_and_setup]

  provisioner "local-exec" {
    command = "open fmp://${var.dns_name}/FMServer_Sample"
  }
}
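# Host name of the finished server. A plain reference is used; the redundant
# "${...}" wrapper around a single expression is flagged by terraform 0.12+.
output "fms_instance" {
  description = "DNS name of the FileMaker Server"
  value       = var.dns_name
}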
# Example values for the starter template (you probably want to change most
# values here).

# --- aws ---
provider_profile = "terraform"
provider_region  = "eu-central-1"
instance_type    = "t2.medium"
# With this value any address may SSH in; restrict it to your own address(es).
ssh_source_ips   = ["0.0.0.0/0"]
# helpful: http://cavaliercoder.com/blog/finding-the-latest-centos-ami.html
ami_id           = "ami-0e8286b71b81c3cc1"
# [key pair name, path to the private key]
key              = ["terraform", "~/.ssh/terraform.pem"]

# --- dns ---
# dns_name is intentionally not set here, so terraform asks for it on
# plan/apply; add it if you want non-interactive runs.
zone_id    = "ABCDE"
cert_email = "test@example.com"

# --- fms ---
# Demo credentials; replace them before applying.
fmsadmin_user = "admin"
fmsadmin_pass = "insecure"
fmsadmin_pin  = "1234"
# usually pretty slow from outside US; recommended to host it yourself
installer_url = "https://downloads.claris.com/esd/filemaker_server-19.0.1-22.x86_64.rpm"