Last active
July 23, 2020 17:44
-
-
Save rjhornsby/ea25a772a48c5206f07b31f4f09032ab to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| module "base_config" { | |
| source = "../base" | |
| } | |
| provider "aws" { | |
| region = "us-west-2" # module.base_config.aws_region | |
| version = "~> 2" | |
| } | |
| provider "windns" { | |
| username = data.vault_generic_secret.tf-dns.data["username"] | |
| password = data.vault_generic_secret.tf-dns.data["password"] | |
| server = "awsdc.company.local" | |
| usessl = true | |
| } | |
| provider "vault" { | |
| version = "~> 2.6" | |
| } // defaults to local/workstation environment configuration | |
| resource "windns" "a_record" { | |
| count = var.manage_dns ? length(aws_instance.company_instance) : 0 | |
| record_name = "${var.node_short_name}-${substr(aws_instance.company_instance[count.index].id, 2, 6)}" | |
| record_type = "A" | |
| zone_name = "mycompany.org" | |
| ipv4address = aws_instance.company_instance[count.index].private_ip | |
| } | |
| resource "aws_instance" "company_instance" { | |
| count = var.instance_count | |
| ami = data.aws_ami.ec2_ami.id | |
| availability_zone = data.aws_subnet.subnets[count.index % length(data.aws_subnet.subnets)].availability_zone | |
| subnet_id = data.aws_subnet.subnets[count.index % length(data.aws_subnet.subnets)].id | |
| vpc_security_group_ids = [data.aws_security_group.open_intranet.id] | |
| instance_type = var.instance_type | |
| key_name = var.u_aws_keyname | |
| root_block_device { | |
| volume_size = coalesce(var.root_block_device_size, 16) | |
| encrypted = true | |
| kms_key_id = data.aws_kms_key.company_master.arn | |
| } | |
| tags = merge( | |
| { | |
| Name = var.node_short_name | |
| }, | |
| module.base_config.tags | |
| ) | |
| lifecycle { | |
| create_before_destroy = true | |
| prevent_destroy = false | |
| ignore_changes = [user_data, tags] | |
| } | |
| provisioner "chef" { | |
| client_options = module.base_config.chef_client_options | |
| run_list = var.chef_run_list | |
| node_name = "${var.node_short_name}-${substr(self.id, 2, 6)}" | |
| recreate_client = true | |
| server_url = module.base_config.chef_server_url | |
| user_name = var.u_chef_username | |
| user_key = file(var.u_chef_user_key_path) | |
| secret_key = file(var.u_chef_databag_key_path) | |
| version = coalesce(var.chef_client_version, module.base_config.chef_client_version) | |
| } | |
| provisioner "remote-exec" { | |
| when = create | |
| inline = ["sudo hostnamectl set-hostname ${var.node_short_name}-${substr(self.id, 2, 6)}"] | |
| } | |
| // TF's chef provisioner does not clean up node/client objects from the chef server by itself | |
| provisioner "local-exec" { | |
| when = destroy | |
| // while using var.* would be simpler, TF doesn't like that in destroy-time provisioners | |
| command = "knife node delete ${self.tags["node_short_name"]}-${substr(self.id, 2, 6)} -y" | |
| on_failure = continue | |
| } | |
| provisioner "local-exec" { | |
| when = destroy | |
| command = "knife client delete ${self.tags["node_short_name"]}-${substr(self.id, 2, 6)} -y" | |
| on_failure = continue | |
| } | |
| connection { | |
| host = coalesce(self.public_ip, self.private_ip) | |
| type = "ssh" | |
| user = "ec2-user" | |
| // FIXME: this will break in TF 0.13 | |
| // see https://github.com/hashicorp/terraform/issues/23679 | |
| private_key = file(self.key_name) | |
| } | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| module "frontend_instance" { | |
| source = "../lib/provisioned_instance" | |
| // Set these parameters according to your needs | |
| chef_run_list = module.chef_shared.chef_run_list | |
| instance_count = var.frontend_config.instance_count | |
| ami_alias = module.chef_shared.ami_alias | |
| // https://docs.chef.io/install_server_ha/#hardware-requirements | |
| instance_type = var.frontend_config.instance_type | |
| node_short_name = var.frontend_config.node_short_name | |
| manage_dns = true | |
| subnet_list = module.chef_shared.subnets | |
| root_block_device_size = var.frontend_config.root_block_device_size | |
| // static values. these should probably not be changed. | |
| u_aws_keyname = var.u_aws_keyname | |
| u_aws_keypath = var.u_aws_keypath | |
| u_chef_user_key_path = var.u_chef_user_key_path | |
| u_chef_databag_key_path = var.u_chef_databag_key_path | |
| u_chef_username = var.u_chef_username | |
| u_knife_rb = var.u_knife_rb | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| variable "frontend_config" { | |
| type = map(any) | |
| default = { | |
| node_short_name: "chef-server", | |
| instance_count: 1, | |
| root_block_device_size: 24, | |
| instance_type: "c5.xlarge" | |
| } | |
| } | |
| variable "backend_config" { | |
| type = map(any) | |
| default = { | |
| node_short_name: "chef-server-backend", | |
| // Three shall be the number thou shalt count, and the number of the counting shall be three. | |
| // Four shalt thou not count, neither count thou two, excepting that thou then proceed to three. | |
| // Five is right out. | |
| instance_count: 3, | |
| root_block_device_size: 96, | |
| instance_type: "c5.xlarge" | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment