
@matschaffer
Last active November 22, 2017 08:10
A demo tree for basic ECE installation on GCP
.terraform
*.tfstate*
terraform.tfvars
bootstrap-secrets.json

A sample installation of Elastic Cloud Enterprise on GCP

Details

This tree provides a basic test bed for a 3-node installation of Elastic Cloud Enterprise.

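Note that the terraform files and installation script are intentionally basic. In particular, install.sh connects with SSH host-key checking disabled, copies bootstrap-secrets.json into the working directory and prints the admin console root password to the terminal, so treat this as a throwaway test setup.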

A full production deployment should make use of instance groups, load balancers and other high-availability constructs which have been left out of this setup. See the Elastic Cloud Enterprise planning docs for additional details regarding production planning and deployment.

Usage

To start it up, run the following:

> terraform init
> terraform apply

# wait ~60s for instance to finish installing prerequisites

> ./install.sh

To tear it down run:

> terraform destroy
#!/usr/bin/env bash
# Installs ECE based on https://www.elastic.co/guide/en/cloud-enterprise/1.1/ece-quick-start.html
#
# Run from the directory that holds the Terraform state: every input below is
# looked up through `terraform console`.
#
# -x echoes each expanded command to stderr, and that includes any value that
# is expanded on a command line. Keep secret handling out of traced sections.
set -euxo pipefail

# Print the value of one Terraform expression, fed to `terraform console` on a pipe.
tf_eval() {
  printf '%s\n' "${1}" | terraform console
}

# SSH identity. The private key is taken to sit next to the public key, under
# the same file name minus the .pub suffix.
REMOTE_USER="$(tf_eval var.remote_user)"
PUBLIC_KEY="$(tf_eval var.public_key)"
PRIVATE_KEY="$(dirname "${PUBLIC_KEY}")/$(basename -s .pub "${PUBLIC_KEY}")"
SSH_AUTHENTICATION="-i ${PRIVATE_KEY} -o User=${REMOTE_USER}"

# NOTE(security): host-key verification is switched off and no known_hosts file
# is kept, so ssh and scp cannot tell the real instance from something sitting
# on the network path. The installer is launched and bootstrap-secrets.json is
# fetched over these connections, so this is acceptable only for a disposable
# test bed; pin the instances' host keys for anything longer-lived.
SSH_OPTIONS="-o LogLevel=quiet -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null"

# Node 0 is the coordinator: COORDINATOR is its public (NAT) address, used for
# ssh/scp and the console URL; COORDINATOR_IP is its private address, handed to
# the other nodes as --coordinator-host.
COORDINATOR="$(tf_eval google_compute_instance.node.0.network_interface.0.access_config.0.assigned_nat_ip)"
COORDINATOR_IP="$(tf_eval google_compute_instance.node.0.network_interface.0.address)"

# Public addresses of nodes 1 and 2, which join as allocators.
ALLOCATOR_B="$(tf_eval google_compute_instance.node.1.network_interface.0.access_config.0.assigned_nat_ip)"
ALLOCATOR_C="$(tf_eval google_compute_instance.node.2.network_interface.0.access_config.0.assigned_nat_ip)"

# Command run on each host: download the installer over HTTPS and execute it
# straight away. Nothing here pins a version or checksum of that script, so
# each run trusts whatever the URL serves at that moment.
INSTALL_COMMAND="bash <(curl -fsSL https://download.elastic.co/cloud/elastic-cloud-enterprise.sh) install"
#######################################
# Run the ECE installer on one host over ssh.
# Globals:   SSH_OPTIONS, SSH_AUTHENTICATION, INSTALL_COMMAND (read)
# Arguments: $1 - host to connect to
#            $2 - value for the installer's --availability-zone flag
#            $3 - extra installer arguments as one string (optional)
# Returns:   exit status of ssh
#######################################
ece_install() {
  local target="${1}" az="${2}" extra="${3:-}"

  # The whole installer invocation travels as a single string and is parsed by
  # the remote shell, so az and extra must only ever hold values this script
  # controls.
  local remote_cmd="${INSTALL_COMMAND} --availability-zone ${az} ${extra}"

  # SSH_OPTIONS and SSH_AUTHENTICATION each hold several words and are left
  # unquoted on purpose so they split into separate ssh arguments.
  ssh -t ${SSH_OPTIONS} ${SSH_AUTHENTICATION} "${target}" "${remote_cmd}"
}
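# First node: installs ECE and bootstraps the coordinator in zone ece-region-1a.
ece_install "${COORDINATOR}" ece-region-1a

# Everything below handles the bootstrap secrets. Stop xtrace first so the
# roles token and the root password are not echoed to stderr (and into any log
# or CI output capturing it) each time they are expanded.
set +x

# Fetch the secrets file under a tight umask so the local copy is created
# readable by the current user only. The chmod also covers a copy left behind
# by an earlier run with looser permissions.
(
  umask 077
  scp ${SSH_OPTIONS} ${SSH_AUTHENTICATION} "${COORDINATOR}":/mnt/data/elastic/bootstrap-state/bootstrap-secrets.json .
)
chmod 600 bootstrap-secrets.json

# -e makes jq exit non-zero when a key is missing or null, so the script stops
# here instead of carrying the literal string "null" into the next steps.
ROLES_TOKEN="$(jq -er .bootstrap_runner_roles_token bootstrap-secrets.json)"
ROOT_PASSWORD="$(jq -er .adminconsole_root_password bootstrap-secrets.json)"

# Remaining nodes join the coordinator over its private address. The roles
# token is part of the ssh command line, so it is visible in the local process
# arguments while each install runs.
ece_install "${ALLOCATOR_B}" ece-region-1b "--coordinator-host ${COORDINATOR_IP} --roles-token ${ROLES_TOKEN}"
ece_install "${ALLOCATOR_C}" ece-region-1c "--coordinator-host ${COORDINATOR_IP} --roles-token ${ROLES_TOKEN}"

# Summary for the operator. This prints the root password to stdout; avoid
# running the script where stdout is logged or shared.
cat <<TXT
All done!
You can log into your installation at (note that certificate is auto-generated/self-signed for now):
https://${COORDINATOR}:12443
Username: root
Password: ${ROOT_PASSWORD}
If you would like to SSH into a host, please feel free to do so using:
ssh ${SSH_OPTIONS} ${SSH_AUTHENTICATION} ${COORDINATOR}
TXT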
# Dedicated VPC for the test bed. Subnet auto-creation is off, so the only
# subnetwork is the one declared explicitly in this configuration.
resource "google_compute_network" "main" {
  auto_create_subnetworks = false
  name                    = "${var.name}"
}
# Single regional subnetwork that all nodes attach to. Its range (var.cidr) is
# also what the allow-internal firewall rule uses as its source range.
resource "google_compute_subnetwork" "main" {
  name          = "${var.name}"
  region        = "${var.region}"
  network       = "${google_compute_network.main.self_link}"
  ip_cidr_range = "${var.cidr}"
}
# Administrative access, limited to a single source address (var.myip as a /32).
#   22    - SSH, which install.sh uses to run the installer and fetch secrets
#   12443 - the admin console URL that install.sh prints at the end
resource "google_compute_firewall" "administration" {
  name    = "${var.name}-allow-administration"
  network = "${google_compute_network.main.name}"

  source_ranges = [
    "${var.myip}/32",
  ]

  allow {
    protocol = "tcp"

    ports = [
      22,
      12443,
    ]
  }
}
# Cluster endpoints, reachable from ANY source address (0.0.0.0/0).
# Presumably 9243/9343 are the ports ECE serves deployed clusters on; confirm
# against the ECE networking docs for the version in use.
# NOTE(security): unlike the administration rule, nothing at the network layer
# restricts who can reach these ports, so authentication on the clusters
# themselves is the only control. Narrow source_ranges if the test bed does not
# need to be reachable from everywhere.
resource "google_compute_firewall" "clusters" {
  name    = "${var.name}-allow-clusters"
  network = "${google_compute_network.main.name}"

  source_ranges = [
    "0.0.0.0/0",
  ]

  allow {
    protocol = "tcp"

    ports = [
      9243,
      9343,
    ]
  }
}
# Node-to-node traffic: every protocol and port is allowed between addresses
# inside the subnetwork range (var.cidr).
resource "google_compute_firewall" "internal" {
  name    = "${var.name}-allow-internal"
  network = "${google_compute_network.main.name}"

  source_ranges = [
    "${var.cidr}",
  ]

  allow {
    protocol = "all"
  }
}
# One instance per entry in var.zones, named and placed after the zone suffix.
# install.sh addresses nodes 0, 1 and 2 by index, so it expects three of them.
resource "google_compute_instance" "node" {
  count        = "${length(var.zones)}"
  name         = "${var.name}-${element(var.zones, count.index)}"
  zone         = "${var.region}-${element(var.zones, count.index)}"
  machine_type = "${var.machine_type}"

  # 100 GB boot disk from the Ubuntu 16.04 LTS image family (latest image in
  # the family at creation time, not a pinned image).
  boot_disk {
    initialize_params {
      image = "projects/ubuntu-os-cloud/global/images/family/ubuntu-1604-lts"
      size  = 100
    }
  }

  # The empty access_config gives every node an external (NAT) address, so the
  # firewall rules are what decide which ports are reachable from outside.
  network_interface {
    subnetwork    = "${google_compute_subnetwork.main.name}"
    access_config = {}
  }

  # ssh-keys installs the local public key for var.remote_user; install.sh
  # logs in with the matching private key.
  metadata {
    owner       = "${var.name}"
    environment = "${var.environment}"
    managed-by  = "terraform"
    ssh-keys    = "${var.remote_user}:${file(var.public_key)}"
  }

  # Prerequisite setup script (var.user_data), passed as the startup script.
  metadata_startup_script = "${file(var.user_data)}"
}
# Google provider, pinned to an exact version.
# Credentials are read from a JSON file under ~/.config/gcloud named after the
# project (presumably a service-account key; confirm). The file lives outside
# this tree, so it is not covered by the tree's .gitignore: keep it readable by
# its owner only and never copy it into the repository.
provider "google" {
  version     = "1.2.0"
  project     = "${var.project}"
  region      = "${var.region}"
  credentials = "${file("~/.config/gcloud/${var.project}.json")}"
}

# Template provider, pinned to an exact version.
provider "template" {
  version = "1.0.0"
}

# Exact Terraform release this configuration is written for.
terraform {
  required_version = "0.11.0"
}
# See variables.tf for descriptions
project = "YOUR-CLOUD-PROJECT"
myip = "YOUR-IP"
name = "YOUR-NAME"
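#!/usr/bin/env bash
# Sets up instance based on https://www.elastic.co/guide/en/cloud-enterprise/1.1/ece-prereqs.html
#
# Handed to each instance as its startup script (var.user_data). Installs a
# pinned Docker engine, prepares the ECE data directory and raises
# vm.max_map_count.

# Mirror all output to /var/log/user-data.log, to syslog under the tag
# "user-data" and to the console.
exec > >(tee /var/log/user-data.log|logger -t user-data -s 2>/dev/console) 2>&1
set -euxo pipefail

# Must match var.remote_user (default "elastic"): that is the account
# install.sh logs in as. NOTE(review): usermod below fails, and -e aborts the
# script, if this account does not exist yet when the script runs; confirm the
# account is created before this point on a fresh instance.
IMAGE_USER=elastic

# Import the Docker repository signing key by its full 40-hex-digit
# fingerprint. apt-key adds it to the system-wide trusted keyring.
apt-key adv --keyserver keyserver.ubuntu.com --recv 58118E89F3A912897C070ADBF76221572C52609D

# NOTE(review): apt.dockerproject.org is Docker's legacy repository; verify it
# still serves the pinned package before relying on this script.
printf '%s\n' 'deb https://apt.dockerproject.org/repo ubuntu-xenial main' > /etc/apt/sources.list.d/docker.list
apt-get -qq update
apt-get install -y "docker-engine=1.11.2-0~xenial"

# -a appends to the account's supplementary groups. Without it, -G replaces
# the whole list and silently drops any group the account already had.
# Membership in docker (like sudo) is equivalent to root on this host.
usermod -aG docker,sudo "${IMAGE_USER}"

# Data directory the ECE installer writes to; install.sh later fetches
# bootstrap-secrets.json from beneath it.
mkdir -p /mnt/data/elastic
chown -R "${IMAGE_USER}":"${IMAGE_USER}" /mnt/data/elastic

# Applies to the running kernel only; nothing here writes a sysctl.d entry.
sysctl -w vm.max_map_count=262144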
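# Input variables. project, myip and name have no default and must be supplied
# (see terraform.tfvars); everything else can be left as is.

variable "region" {
  description = "GCP region for the subnetwork and all instances"
  default     = "asia-northeast1"
}

# install.sh addresses nodes 0, 1 and 2 by index, so it expects three entries.
variable "zones" {
  description = "Zone suffixes within the region; one instance is created per entry"
  type        = "list"
  default     = ["a", "b", "c"]
}

variable "project" {
  description = "Your google project ID"
}

# Used as "<myip>/32" in the administration firewall rule, so give a bare IPv4
# address without a prefix length.
variable "myip" {
  description = "Your IP address for enabling access to administrative ports"
}

variable "name" {
  description = "An identifying name used for names of cloud resources"
}

variable "environment" {
  description = "Value of the environment metadata entry set on each instance"
  default     = "development"
}

variable "cidr" {
  description = "Address range of the subnetwork, also allowed by the internal firewall rule"
  default     = "10.13.37.0/24"
}

variable "machine_type" {
  description = "Machine type for every instance"
  default     = "n1-standard-16"
}

variable "user_data" {
  description = "Path to the startup script passed to each instance"
  default     = "user_data.sh"
}

# user_data.sh hard-codes the same account name (IMAGE_USER=elastic); change
# both together.
variable "remote_user" {
  description = "Account the SSH public key is installed for and install.sh logs in as"
  default     = "elastic"
}

# install.sh derives the private key path by dropping the .pub suffix.
variable "public_key" {
  description = "Path to the SSH public key; the private key must sit next to it"
  default     = "~/.ssh/id_rsa.pub"
}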