diff --git a/config.tf b/config.tf index 988dd195..7a77d571 100644 --- a/config.tf +++ b/config.tf @@ -1,6 +1,6 @@ # Settings for automated PTFE installation data "template_file" "repl_ptfe_config" { - template = "${local.rptfeconf[var.install_mode]}" + template = "${local.rptfeconf[var.install_type]}" vars { hostname = "${module.lb.endpoint}" @@ -22,7 +22,7 @@ data "template_file" "repl_ptfe_config" { # Settings for automated replicated installation. data "template_file" "repl_config" { - template = "${local.replconf[var.install_mode]}" + template = "${local.replconf[var.install_type]}" vars = { console_password = "${random_pet.console_password.id}" @@ -51,7 +51,7 @@ data "template_file" "cloud_config" { role_id = "${count.index}" health_url = "http://${aws_elb.cluster_api.dns_name}:${local.assistant_port}/healthz" proxy_url = "${var.http_proxy_url}" - ptfe_url = "${var.ptfe_url}" + installer_url = "${var.installer_url}" import_key = "${var.import_key}" startup_script = "${base64encode(var.startup_script)}" @@ -83,7 +83,7 @@ data "template_file" "cloud_config_secondary" { cluster_api_endpoint = "${aws_elb.cluster_api.dns_name}:6443" health_url = "http://${aws_elb.cluster_api.dns_name}:${local.assistant_port}/healthz" proxy_url = "${var.http_proxy_url}" - ptfe_url = "${var.ptfe_url}" + installer_url = "${var.installer_url}" role = "secondary" import_key = "${var.import_key}" diff --git a/examples/root-example/main.tf b/examples/root-example/main.tf index 57c5d6d2..20ae42d5 100644 --- a/examples/root-example/main.tf +++ b/examples/root-example/main.tf 
@@ -3,27 +3,23 @@ provider "aws" { } module "tfe-ha" { - source = "hashicorp/tfe-ha/aws" + source = "hashicorp/tfe-ha/aws" + version = "0.0.1-beta" - version = "0.1.0" - vpc_id = "vpc-123456789abcd1234" - domain = "example.com" - license_file = "company.rli" - secondary_count = "3" - primary_count = "3" - distribution = "ubuntu" + vpc_id = "vpc-123456789abcd1234" + domain = "example.com" + license_file = "company.rli" } output "tfe-ha" { value = { - ssh_private_key = "${module.tfe-ha.ssh_private_key}" - replicated_console_password = "${module.tfe-ha.replicated_console_password}" - replicated_console_url = "${module.tfe-ha.replicated_console_url}" - ptfe_endpoint = "${module.tfe-ha.ptfe_endpoint}" - ptfe_health_check = "${module.tfe-ha.ptfe_health_check}" - primary_public_ip = "${module.tfe-ha.primary_public_ip}" - lb_endpoint = "${module.tfe-ha.lb_endpoint}" - iam_role = "${module.tfe-ha.iam_role}" - install_id = "${module.tfe-ha.install_id}" + application_endpoint = "${module.tfe-ha.application_endpoint}" + application_health_check = "${module.tfe-ha.application_health_check}" + iam_role = "${module.tfe-ha.iam_role}" + install_id = "${module.tfe-ha.install_id}" + installer_dashboard_password = "${module.tfe-ha.installer_dashboard_password}" + installer_dashboard_url = "${module.tfe-ha.installer_dashboard_url}" + primary_public_ip = "${module.tfe-ha.primary_public_ip}" + ssh_private_key = "${module.tfe-ha.ssh_private_key}" } } diff --git a/module-common.tf b/module-common.tf index 5125226d..6997d6de 100644 --- a/module-common.tf +++ b/module-common.tf @@ -2,5 +2,5 @@ module "common" { source = "./modules/common-user-vpc" vpc_id = "${var.vpc_id}" subnet_tags = "${var.subnet_tags}" - whitelist = "${var.whitelist}" + allow_list = "${var.allow_list}" } diff --git a/modules/common-user-vpc/security_groups.tf b/modules/common-user-vpc/security_groups.tf index 12a0a58c..b75fe2dc 100644 --- a/modules/common-user-vpc/security_groups.tf 
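Review bot: The rewritten `tfe-ha` output map now carries `installer_dashboard_password` and `ssh_private_key`, and a root output without `sensitive = true` is printed in full on every `terraform apply` and `terraform output`. Adding `sensitive = true` beside `value = {` stops the example from echoing the dashboard password to the console; the value is still recorded in state, as for any output, so the example's README should say where that state ends up. Since this file is the copy-paste starting point for users, it is the place where the omission will be copied most.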
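Review bot: Renaming the root input `whitelist` to `allow_list` is a breaking change for every caller that sets `whitelist` in a tfvars file or `-var` flag; Terraform 0.11 rejects the unknown variable outright rather than warning. The same rename appears in `modules/common-user-vpc/variables.tf` and the root `variables.tf`, and none of those hunks adds an upgrade note. A one-line entry in the README or CHANGELOG, `whitelist` renamed to `allow_list`, would cover it; if the old name must keep working for one release, a deprecated `whitelist` variable forwarded alongside `allow_list` is the alternative, at the cost of merging the two lists in the module.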
+++ b/modules/common-user-vpc/security_groups.tf @@ -23,13 +23,13 @@ resource "aws_security_group" "intra_vpc_and_egress" { # Allow whitelisted ranges to access our services. # For example, an HTTP proxy. -resource "aws_security_group_rule" "white_list" { - count = "${length(var.whitelist) > 0 ? 1 : 0}" +resource "aws_security_group_rule" "allow_list" { + count = "${length(var.allow_list) > 0 ? 1 : 0}" type = "ingress" protocol = "-1" from_port = 0 to_port = 0 - cidr_blocks = ["${var.whitelist}"] + cidr_blocks = ["${var.allow_list}"] security_group_id = "${aws_security_group.intra_vpc_and_egress.id}" } diff --git a/modules/common-user-vpc/variables.tf b/modules/common-user-vpc/variables.tf index 1d7249b0..da9656d3 100644 --- a/modules/common-user-vpc/variables.tf +++ b/modules/common-user-vpc/variables.tf @@ -19,9 +19,9 @@ variable "subnet_tags" { default = {} } -variable "whitelist" { +variable "allow_list" { type = "list" - description = "list of CIDRs we allow to access the PTFE infrastructure" + description = "list of CIDRs we allow to access the infrastructure" default = [] } diff --git a/outputs.tf b/outputs.tf index ee212ff9..be023be6 100644 --- a/outputs.tf +++ b/outputs.tf @@ -1,15 +1,17 @@ -## this allows the user to do `ssh -F ssh-config default` -resource "local_file" "ssh_config" { - filename = "${path.module}/work/ssh-config" - content = "${data.template_file.ssh_config.rendered}" +output "application_endpoint" { + value = "https://${module.lb.endpoint}" } -output "ssh_config_file" { - value = "${local_file.ssh_config.filename}" +output "application_health_check" { + value = "https://${module.lb.endpoint}/_health_check" } -output "ssh_private_key" { - value = "${module.common.ssh_priv_key_file}" +output "iam_role" { + value = "${aws_iam_role.ptfe.name}" +} + +output "install_id" { + value = "${module.common.install_id}" } output "installer_dashboard_password" { 
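Review bot: The comment above the renamed resource still reads `# Allow whitelisted ranges to access our services.` while the resource and variable are now `allow_list`; `# Allow ranges in allow_list to access our services.` keeps the two in step. Because the resource address changes from `aws_security_group_rule.white_list` to `aws_security_group_rule.allow_list`, a plain `terraform apply` destroys the old rule and creates the new one rather than updating in place, so an existing deployment loses this ingress rule for the duration of the apply unless the state is moved first with `terraform state mv aws_security_group_rule.white_list aws_security_group_rule.allow_list`. Given the rule is `protocol = "-1"` on all ports and, per the comment, is what admits an operator's proxy, that gap is worth a line in the upgrade notes.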
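Review bot: None of the four outputs added in this hunk (`application_endpoint`, `application_health_check`, `iam_role`, `install_id`) carries a `description`, so `terraform output` and the registry page show each value with no explanation of what it is for. For example `description = "HTTPS URL of the application behind the load balancer"` on `application_endpoint` and `description = "HTTPS health-check URL served by the application"` on `application_health_check`; the IAM role name and install id deserve the same treatment. The `installer_dashboard_password` block that this hunk ends on has its body outside the hunk; if it is not already marked `sensitive = true` it should be, as it is a root output and is printed on apply otherwise.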
@@ -20,26 +22,20 @@ output "installer_dashboard_url" { value = "https://${module.lb.endpoint}:8800" } -output "tfe_endpoint" { - value = "https://${module.lb.endpoint}" -} - -output "tfe_health_check" { - value = "https://${module.lb.endpoint}/_health_check" +## this allows the user to do `ssh -F ssh-config default` +resource "local_file" "ssh_config" { + filename = "${path.module}/work/ssh-config" + content = "${data.template_file.ssh_config.rendered}" } output "primary_public_ip" { value = "${element(aws_instance.primary.*.public_ip, 0)}" } -output "lb_endpoint" { - value = "${module.lb.endpoint}" -} - -output "iam_role" { - value = "${aws_iam_role.ptfe.name}" +output "ssh_config_file" { + value = "${local_file.ssh_config.filename}" } -output "install_id" { - value = "${module.common.install_id}" +output "ssh_private_key" { + value = "${module.common.ssh_priv_key_file}" } diff --git a/templates/cloud-config-secondary.yaml b/templates/cloud-config-secondary.yaml index 163b0725..9e9c95d1 100644 --- a/templates/cloud-config-secondary.yaml +++ b/templates/cloud-config-secondary.yaml @@ -12,7 +12,7 @@ write_files: - path: /etc/ptfe/ptfe_url owner: root:root permissions: "0644" - content: "${ptfe_url}" + content: "${installer_url}" - path: /etc/ptfe/bootstrap-token owner: root:root diff --git a/templates/cloud-config.yaml b/templates/cloud-config.yaml index abab5070..b21d4461 100644 --- a/templates/cloud-config.yaml +++ b/templates/cloud-config.yaml @@ -14,7 +14,7 @@ write_files: - path: /etc/ptfe/ptfe_url owner: root:root permissions: "0644" - content: "${ptfe_url}" + content: "${installer_url}" - path: /etc/ptfe/bootstrap-token owner: root:root diff --git a/variables.tf b/variables.tf index 00a49f2d..a54256bf 100644 --- a/variables.tf +++ b/variables.tf 
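Review bot: `output "ssh_private_key"` returns `module.common.ssh_priv_key_file`, whose name indicates a file path rather than key material, so the output name promises more than it delivers. Either `description = "Path to the generated SSH private key file"` on the output, or renaming it to `ssh_private_key_file` (which would also require updating the example's output map), removes the ambiguity; if it really is a path, the description should also say the file is written under `${path.module}/work` like the neighbouring `ssh_config`, which I cannot confirm from this hunk. The moved `local_file.ssh_config` block is unchanged and needs nothing.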
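Review bot: The template variable was renamed to `installer_url`, but the file it is written to is still `/etc/ptfe/ptfe_url`, so the two names no longer match; this is only a naming inconsistency provided whatever runs on the instance reads that exact path, which is not visible in this diff. If the path must stay, a YAML comment on the `- path:` line, `# read by the bootstrap scripts; path name kept for compatibility`, would explain the mismatch to the next reader. The same applies to the identical hunk in `templates/cloud-config.yaml`.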
@@ -7,53 +7,81 @@ locals { ### =================================================================== REQUIRED +variable "domain" { + type = "string" + description = "Route53 Domain to manage DNS under" +} + +variable "license_file" { + type = "string" + description = "path to license file" +} + variable "vpc_id" { type = "string" description = "AWS VPC id to install into" } -variable "domain" { +### =================================================================== OPTIONAL + +variable "airgap_installer_url" { type = "string" - description = "Route53 Domain to manage DNS under" + description = "URL to airgap installer package" + default = "https://install.terraform.io/installer/replicated-v5.tar.gz" } -variable "license_file" { +variable "airgap_package_url" { + type = "string" + description = "signed URL to download the package" + default = "" +} + +variable "ami" { type = "string" - description = "path to TFE license file" + description = "AMI to launch instance with; defaults to latest Ubuntu Xenial" + default = "" } -variable "secondary_count" { +variable "cert_domain" { type = "string" - description = "The number of secondary cluster nodes to run" + description = "domain to search for ACM certificate with (default is *.domain)" + default = "" } -variable "primary_count" { +variable "cidr" { type = "string" - description = "The number of additional cluster master nodes to run" + description = "cidr block for vpc" + default = "10.0.0.0/16" } variable "distribution" { type = "string" description = "Type of linux distribution to use. 
(ubuntu or rhel)" + default = "ubuntu" } -### =================================================================== OPTIONAL -variable "ptfe_url" { +variable "encryption_password" { type = "string" - description = "URL to the PTFE tool" - default = "https://install.terraform.io/installer/ptfe.zip" + description = "encryption password to use as root secret (default is autogenerated)" + default = "" } -variable "airgap_package_url" { +variable "hostname" { type = "string" - description = "signed URL to download the package" + description = "hostname to assign to cluster under domain (default is autogenerated one)" default = "" } -variable "airgap_installer_url" { +variable "iact_subnet_list" { type = "string" - description = "URL to replicated's airgap installer package" - default = "https://install.terraform.io/installer/replicated-v5.tar.gz" + description = "List of subnets to allow to access Initial Admin Creation Token (IACT) API. https://www.terraform.io/docs/enterprise/private/automating-initial-user.html" + default = "" +} + +variable "iact_subnet_time_limit" { + type = "string" + description = "Amount of time to allow access to IACT API after initial boot" + default = "" } variable "import_key" { 
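Review bot: `iact_subnet_list` is declared `type = "string"` while its new description calls it a `List of subnets`, and `iact_subnet_time_limit` says `Amount of time` with no unit, so a caller cannot tell from the declarations how to format either value. Spelling out the expected shape in the descriptions would close the gap — presumably a comma-separated list of CIDRs and a duration in whatever unit the consuming template expects, both of which need confirming against the template that renders them before being written down. The hunk header shows this sits under `locals {`, and the variable list continues past the hunk.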
@@ -62,22 +90,22 @@ variable "import_key" { default = "" } -variable "subnet_tags" { - type = "map" - description = "tags to use to match subnets to use" - default = {} +variable "install_type" { + type = "string" + description = "Installation type. options are (demo, airgap, es, or es_airgap)" + default = "demo" } -variable "region" { +variable "installer_url" { type = "string" - description = "aws region where resources will be created" - default = "us-west-2" + description = "URL to the cluster setup tool" + default = "https://install.terraform.io/installer/ptfe.zip" } -variable "cidr" { +variable "primary_count" { type = "string" - description = "cidr block for vpc" - default = "10.0.0.0/16" + description = "The number of additional cluster master nodes to run" + default = 3 } variable "primary_instance_type" { @@ -86,21 +114,21 @@ variable "primary_instance_type" { default = "m4.xlarge" } -variable "secondary_instance_type" { +variable "region" { type = "string" - description = "ec2 instance type (Defaults to `primary_instance_type` if not set.)" - default = "" + description = "aws region where resources will be created" + default = "us-west-2" } -variable "volume_size" { +variable "secondary_count" { type = "string" - description = "size of the root volume in gb" - default = "100" + description = "The number of secondary cluster nodes to run" + default = 5 } -variable "ami" { +variable "secondary_instance_type" { type = "string" - description = "AMI to launch instance with; defaults to latest Ubuntu Xenial" + description = "ec2 instance type (Defaults to `primary_instance_type` if not set.)" default = "" } @@ -116,10 +144,10 @@ variable "startup_script" { default = "" } -variable "hostname" { - type = "string" - description = "hostname to assign to cluster under domain (default is autogenerated one)" - default = "" +variable "subnet_tags" { + type = "map" + description = "tags to use to match subnets to use" + default = {} } variable "update_route53" { 
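Review bot: `primary_count` and `secondary_count` (the latter in the following hunk) are declared `type = "string"` but receive unquoted numeric defaults `default = 3` and `default = 5`, whereas every other string-typed variable in this file quotes its default, for example `volume_size` with `default = "100"`. Writing `default = "3"` and `default = "5"` matches the file's convention and avoids depending on how the 0.11 loader coerces a number default into a string variable. `install_type`'s description lists the accepted values, but nothing enforces them; since 0.11 has no variable validation, a misspelt value only surfaces as a map-lookup error on `local.rptfeconf[var.install_type]` in config.tf, which the description could mention so the failure is recognisable.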
@@ -128,53 +156,35 @@ variable "update_route53" { default = true } -variable "encryption_password" { +variable "volume_size" { type = "string" - description = "encryption password to use as root secret (default is autogenerated)" - default = "" + description = "size of the root volume in gb" + default = "100" } -variable "cert_domain" { - type = "string" - description = "domain to search for ACM certificate with (default is *.domain)" - default = "" -} +### ================================ External Services Support -variable "iact_subnet_list" { +variable "aws_access_key_id" { type = "string" - description = "List of subnets to allow to access Initial Admin Creation Token (IACT) API. https://www.terraform.io/docs/enterprise/private/automating-initial-user.html" + description = "AWS access key id to connect to s3 with" default = "" } -variable "iact_subnet_time_limit" { +variable "aws_secret_access_key" { type = "string" - description = "Amount of time to allow access to IACT API after initial boot" + description = "AWS secret access key to connect to s3 with" default = "" } -variable "install_mode" { - type = "string" - description = "Installation mode" - default = "demo" -} - -### ================================ External Services Support - variable "external_services" { type = "string" description = "object store provider for external services. Allowed values: aws" default = "" } -variable "postgresql_user" { - type = "string" - description = "user to connect to external postgresql database as" - default = "" -} - -variable "postgresql_password" { +variable "http_proxy_url" { type = "string" - description = "password to connect to external postgresql database as" + description = "HTTP(S) Proxy URL" default = "" } 
@@ -196,15 +206,15 @@ variable "postgresql_extra_params" { default = "" } -variable "aws_access_key_id" { +variable "postgresql_password" { type = "string" - description = "AWS access key id to connect to s3 with" + description = "password to connect to external postgresql database as" default = "" } -variable "aws_secret_access_key" { +variable "postgresql_user" { type = "string" - description = "AWS secret access key to connect to s3 with" + description = "user to connect to external postgresql database as" default = "" } @@ -220,15 +230,9 @@ variable "s3_region" { default = "" } -variable "http_proxy_url" { - type = "string" - description = "HTTP(S) Proxy URL" - default = "" -} - -variable "whitelist" { +variable "allow_list" { type = "list" - description = "List of CIDRs we allow to access the TFE infrastructure" + description = "List of CIDRs we allow to access the infrastructure" default = [] } @@ -266,7 +270,8 @@ data "aws_ami" "rhel" { } } -## random password for the installer dashboard + +## random password for the installer dashboard resource "random_pet" "console_password" { length = 3 }