fix: update all tests to stop using the default vpc and subnet (#50)

* fix: update all tests to stop using the default vpc and subnet, update docs, adjust tests for public ip not being the default

Signed-off-by: Matt Trachier <matttrach@gmail.com>

* fix: revert to using the key to reduce cognitive load for users

Signed-off-by: Matt Trachier <matt.trachier@suse.com>

* fix: add personal functions to rcs

Signed-off-by: Matt Trachier <matt.trachier@suse.com>

---------

Signed-off-by: Matt Trachier <matttrach@gmail.com>
Signed-off-by: Matt Trachier <matt.trachier@suse.com>
This commit is contained in:
Matt Trachier 2024-03-08 12:37:18 -06:00 committed by GitHub
parent 76104cf5da
commit 7bcdeebe8b
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
69 changed files with 492 additions and 601 deletions

1
.rcs

@ -1,2 +1,3 @@
source ~/.config/aws/default/rc # add personal aws auth vars
source ~/.config/functions/default/rc # add personal functions
source ~/.config/alias/default/rc # add personal aliases

133
README.md

@ -1,16 +1,24 @@
# Terraform AWS Server
WARNING! this module is for experimental use only
This module deploys infrastructure in AWS.
This is a "Core Module", it shouldn't contain any nested "independent modules". Please see [terraform.md](./terraform.md) for more information.
## Recent Changes
1. Servers will no longer deploy a public ip by default.
You can override this by setting up a subnet that automatically deploys public ips.
You can select to have a public IP added to your server with the 'add_public_ip' boolean variable.
- this IP will be an elastic ip so it will cost a little bit extra, but will persist between server rebuilds
2. This module has a lean towards enabling the provisioning of kubernetes clusters, so it has some additional requirements
- the primary network interface's ip should not change even when the server is rebuilt
- this allows us to have a more stable config and easier data recovery options
## AWS Access
The first step to using the AWS modules is having an AWS account, [here](https://docs.aws.amazon.com/accounts/latest/reference/manage-acct-creating.html) is a document describing this process.
You will need an API access key id and API secret key, you can get the API keys [following this tutorial](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html#Using_CreateAccessKey).
The Terraform AWS provider uses the AWS Go SDK, which allows the use of either environment variables or [config files](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html#cli-configure-files-settings) for authentication.
You do not need the AWS cli to generate the files, just place them in the proper place and Terraform will find and read them.
## Server Types
@ -19,35 +27,124 @@ This module provides a pre-chosen set of "types" of servers in order to reduce c
The choices are detailed [in the server module](./modules/server/types.tf) and below:
```
small = {
id = "t3.small",
# storage sizes in GB, using gp3 storage type
locals {
types = {
small = { # minimum required for rke2 control plane node, handles 0-225 agents
id = "t3.medium",
cpu = "2",
ram = "2",
ram = "4",
storage = "20",
},
medium = {
medium = { # agent node, fits requirements for a database server or a small gaming server
id = "m5.large",
cpu = "2",
ram = "8",
storage = "200",
},
large = {
large = { # control plane handling 226-450 agents, also fits requirements for a git server
id = "c5.xlarge",
cpu = "4",
ram = "8",
storage = "500",
},
xl = {
xl = { # control plane handling 451-1300 agents, also fits requirements for a large database server, gaming server, or a distributed storage solution
id = "t3.xlarge",
cpu = "4",
ram = "16",
storage = "1000",
}
xxl = {
id = "t3.2xlarge",
xxl = { # control plane handling 1300+ agents, also fits requirements for a large gaming server, a large database server, or a distributed storage solution
id = "m5.2xlarge",
cpu = "8",
ram = "32",
storage = "2000",
}
}
}
```
### Image types
This module provides a pre-chosen set of "types" of images in order to reduce choice fatigue for the user and streamline testing.
The choices are detailed [in the image module](./modules/image/types.tf) and below:
```
locals {
types = {
sles-15 = {
user = "ec2-user",
group = "wheel",
name = "suse-sles-15-sp5-v*-hvm-*",
owner = "amazon",
architecture = "x86_64",
workfolder = "~"
},
sles-15-cis = { # WARNING! this AMI requires subscription to a service, it is not free
user = "ec2-user",
group = "wheel",
name = "CIS SUSE Linux Enterprise 15*",
owner = "aws-marketplace",
architecture = "x86_64",
workfolder = "~"
},
rhel-8-cis = { # WARNING! this AMI requires subscription to a service, it is not free https://aws.amazon.com/marketplace/server/procurement?productId=ca1fe94d-9237-41c7-8fc8-78b6b0658c9f
user = "ec2-user",
group = "wheel",
name = "CIS Red Hat Enterprise Linux 8 STIG Benchmark*",
owner = "aws-marketplace",
architecture = "x86_64",
workfolder = "/var/tmp"
},
ubuntu-20 = { # WARNING! you must subscribe and accept the terms to use this image
user = "ubuntu",
group = "admin",
name = "ubuntu/images/hvm-ssd/ubuntu-focal-20.04-*",
owner = "aws-marketplace",
architecture = "x86_64",
workfolder = "~"
},
ubuntu-22 = { # WARNING! you must subscribe and accept the terms to use this image
user = "ubuntu",
group = "admin",
name = "ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-*",
owner = "aws-marketplace",
architecture = "x86_64",
workfolder = "~"
},
rocky-8 = { # WARNING! you must subscribe and accept the terms to use this image
user = "ec2-user",
group = "wheel",
name = "Rocky-8-EC2-Base-8*",
owner = "aws-marketplace",
architecture = "x86_64",
workfolder = "~"
},
# the goal for these search strings is to keep them as stable as possible without specifying a version that is EOL
# our users often rely on extended support from RHEL, so we don't consider odd numbered minors which are inelegible for that
# https://access.redhat.com/support/policy/updates/errata
# therefore the search found here is the most recent even minor that has been released
# expect RHEL 9.4 in June 2024
rhel-9 = {
user = "ec2-user",
group = "wheel",
name = "RHEL-9.2.*_HVM-*-x86_64-*-Hourly2-GP3",
owner = "amazon",
architecture = "x86_64",
workfolder = "~"
},
# following the same lines as rhel-9 this will be the most recent even minor that has been released
# expect RHEL 8.10 in June 2024
rhel-8 = {
user = "ec2-user",
group = "wheel",
name = "RHEL-8.8.*_HVM-*-x86_64-*-Hourly2-GP3",
owner = "amazon",
architecture = "x86_64",
workfolder = "~"
},
}
}
```
@ -57,7 +154,7 @@ The choices are detailed [in the server module](./modules/server/types.tf) and b
The specific use case for the example modules is temporary infrastructure for testing purposes.
With that in mind, it is not expected that we manage the resources as a team, therefore the state files are all stored locally.
If you would like to store the state files remotely, add a terraform backend file (`*.name.tfbackend`) to your implementation module.
If you would like to store the state files remotely, add a terraform backend file (`*.name.tfbackend`) to your root module.
https://www.terraform.io/language/settings/backends/configuration#file
## Development and Testing
@ -65,11 +162,11 @@ https://www.terraform.io/language/settings/backends/configuration#file
### Paradigms and Expectations
Please make sure to read [terraform.md](./terraform.md) to understand the paradigms and expectations that this module has for development.
This is a "Core" module, as such it is not allowed to call other modules, and must only generate resources.
### Environment
It is important to us that all collaborators have the ability to develop in similar environments, so we use tools which enable this as much as possible.
It is important to us that all collaborators have the ability to develop in similar environments,
so we use tools which enable this as much as possible.
These tools are not necessary, but they can make it much simpler to collaborate.
* I use [nix](https://nixos.org/) that I have installed using [their recommended script](https://nixos.org/download.html#nix-install-macos)
@ -80,10 +177,6 @@ These tools are not necessary, but they can make it much simpler to collaborate.
* This means that specifying the file to test (as follows) will fail: `go test -v -timeout 40m -parallel 10 basic_test.go`
* To run an individual test I navigate to the `tests` directory and run `go test -v -timeout 40m -parallel 10 -run <test function name>`
* eg. `go test -v -timeout 40m -parallel 10 -run TestBasic`
* I use `override.tf` files to change the values of `examples` to personalized data so that I can run them.
* some examples use variables so that I can dynamically add values in tests
* I store my GitHub credentials in a local file and generate a symlink to them named `~/.config/github/default/rc`
* this will be automatically sourced when you enter the nix environment (and unloaded when you leave)
Our continuous integration tests in the GitHub [ubuntu-latest runner](https://github.com/actions/runner-images/blob/main/images/linux/Ubuntu2204-Readme.md), which has many different things installed and does not rely on Nix.
It also uses a custom role and user which has been set up for it.
Our continuous integration tests in the GitHub [ubuntu-latest runner](https://github.com/actions/runner-images/blob/main/images/linux/Ubuntu2204-Readme.md). It is free for public repositories, we use Nix to add dependencies to it for building and testing.


@ -1,6 +0,0 @@
# Basic Example
This is an example of using this module to deploy a small sles15 server on AWS.
This example has been validated using [Terratest](https://terratest.gruntwork.io/), a Go sdk and test suite for Terraform.
If you would like to test this example go to the ./tests directory and run the test with `go test -v basic_test.go`.


@ -11,30 +11,29 @@ locals {
category = "basic"
example = "basic"
email = "terraform-ci@suse.com"
name = "tf-aws-server-${local.category}-${local.example}-${local.identifier}"
name = "tf-${local.category}-${local.example}-${local.identifier}"
username = "tf-${local.identifier}"
key_name = var.key_name
image = "sles-15"
public_ssh_key = var.key # I don't normally recommend this, but it allows tests to supply their own key
# A lot of troubleshooting during critical times can be saved by hard coding variables in root modules
# root modules should be secured properly (including the state), and should represent your running infrastructure
public_ssh_key = var.key
}
# selecting the vpc, subnet, and ssh key pair, generating a security group specific to the runner
module "aws_access" {
module "access" {
source = "rancher/access/aws"
version = "v1.1.1"
owner = local.email
vpc_name = "default"
subnet_name = "default"
vpc_name = local.name
vpc_cidr = "10.0.255.0/24" # gives 256 usable addresses from .1 to .254, but AWS reserves .1 to .4 and .255, leaving .5 to .254
subnet_name = local.name
subnet_cidr = "10.0.255.224/28" # gives 14 usable addresses from .225 to .238, but AWS reserves .225 to .227 and .238, leaving .227 to .237
security_group_name = local.name
security_group_type = "specific"
ssh_key_name = local.key_name
}
module "TestBasic" {
module "this" {
depends_on = [
module.aws_access,
module.access,
]
source = "../../../" # change this to "rancher/server/aws" per https://registry.terraform.io/modules/rancher/server/aws/latest
# version = "v0.0.15" # when using this example you will need to set the version
@ -45,7 +44,8 @@ module "TestBasic" {
user = local.username
ssh_key = local.public_ssh_key
ssh_key_name = local.key_name
subnet_name = "default"
security_group_name = local.name # WARNING: security_group.name isn't the same as security_group->tags->Name
subnet_name = local.name
security_group_name = local.name
add_public_ip = true
cloudinit_timeout = "6"
}
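Review bot: The comment on the new `subnet_cidr` line in the access block is internally inconsistent — it says AWS reserves `.225 to .227` and then that `.227 to .237` remain usable, and it skips the network address. A /28 starting at .224 spans .224–.239; AWS reserves the first four addresses (.224–.227) and the last (.239), so the usable hosts are .228–.238, which is also closer to the `leaving .228 to .237` wording kept as context in the private examples. Suggest `subnet_cidr = "10.0.255.224/28" # .224-.239; AWS reserves .224-.227 and .239, leaving .228 to .238` and, for the same reason, `vpc_cidr = "10.0.255.0/24" # .0-.255; AWS reserves .0-.3 and .255, leaving .4 to .254` instead of the `.1 to .4` wording. Both comments are pasted into the access block of every other example touched by this commit (noscripts, the two private examples, and all six os examples), so the correction applies there as well.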


@ -1,4 +1,4 @@
output "user_data" {
value = module.TestBasic.user_data
value = module.this.user_data
sensitive = true
}


@ -16,7 +16,7 @@ locals {
}
# selecting the vpc, subnet, and ssh key pair, generating a security group specific to the runner
module "aws_access" {
module "access" {
source = "rancher/access/aws"
version = "v1.1.1"
owner = local.email
@ -33,7 +33,7 @@ module "aws_access" {
# we are expecting the server to not get a public ip, preventing outside access
module "this" {
depends_on = [
module.aws_access,
module.access,
]
source = "../../../" # change this to "rancher/server/aws" per https://registry.terraform.io/modules/rancher/server/aws/latest
# version = "v0.0.15" # when using this example you will need to set the version


@ -1,11 +1,3 @@
variable "key" {
type = string
}
variable "key_name" {
type = string
}
variable "identifier" {
type = string
}


@ -11,30 +11,29 @@ locals {
category = "basic"
example = "noscripts"
email = "terraform-ci@suse.com"
name = "tf-aws-server-${local.category}-${local.example}-${local.identifier}"
name = "tf-${local.category}-${local.example}-${local.identifier}"
username = "tf-${local.identifier}"
key_name = var.key_name
image = "sles-15"
public_ssh_key = var.key # I don't normally recommend this, but it allows tests to supply their own key
# A lot of troubleshooting during critical times can be saved by hard coding variables in root modules
# root modules should be secured properly (including the state), and should represent your running infrastructure
public_ssh_key = var.key
}
# selecting the vpc, subnet, and ssh key pair, generating a security group specific to the runner
module "aws_access" {
module "access" {
source = "rancher/access/aws"
version = "v1.1.1"
owner = local.email
vpc_name = "default"
subnet_name = "default"
vpc_name = local.name
vpc_cidr = "10.0.255.0/24" # gives 256 usable addresses from .1 to .254, but AWS reserves .1 to .4 and .255, leaving .5 to .254
subnet_name = local.name
subnet_cidr = "10.0.255.224/28" # gives 14 usable addresses from .225 to .238, but AWS reserves .225 to .227 and .238, leaving .227 to .237
security_group_name = local.name
security_group_type = "specific"
ssh_key_name = local.key_name
skip_ssh = true
}
module "this" {
depends_on = [
module.aws_access,
module.access,
]
source = "../../../" # change this to "rancher/server/aws" per https://registry.terraform.io/modules/rancher/server/aws/latest
# version = "v0.0.15" # when using this example you will need to set the version
@ -45,7 +44,7 @@ module "this" {
user = local.username
ssh_key = local.public_ssh_key
ssh_key_name = local.key_name
subnet_name = "default"
subnet_name = local.name
security_group_name = local.name # WARNING: security_group.name isn't the same as security_group->tags->Name
cloudinit_timeout = "6"
disable_scripts = true # disable running scripts on the server


@ -16,16 +16,14 @@ locals {
subnet_cidr = "10.0.255.224/28" # gives 14 usable addresses from .225 to .238, but AWS reserves .225 to .227 and .238, leaving .228 to .237
}
# selecting the vpc, subnet, and ssh key pair, generating a security group specific to the runner
module "aws_access" {
module "access" {
source = "rancher/access/aws"
version = "v1.1.1"
owner = local.email
vpc_name = local.name
vpc_cidr = "10.0.255.0/24" # gives 255 usable addresses from .1 to .255, but AWS reserves .1 to .4 and .255, leaving .5 to .254
vpc_cidr = "10.0.255.0/24" # gives 256 usable addresses from .1 to .254, but AWS reserves .1 to .4 and .255, leaving .5 to .254
subnet_name = local.name
subnet_cidr = local.subnet_cidr
availability_zone = "us-west-1b" # check what availability zones are available in your region before setting this
subnet_cidr = "10.0.255.224/28" # gives 14 usable addresses from .225 to .238, but AWS reserves .225 to .227 and .238, leaving .227 to .237
security_group_name = local.name
security_group_type = "internal"
skip_ssh = true
@ -34,7 +32,7 @@ module "aws_access" {
# we are expecting the server to not get a public ip, preventing outside access
module "this" {
depends_on = [
module.aws_access,
module.access,
]
source = "../../../" # change this to "rancher/server/aws" per https://registry.terraform.io/modules/rancher/server/aws/latest
# version = "v0.0.15" # when using this example you will need to set the version
@ -45,7 +43,7 @@ module "this" {
user = local.username
subnet_name = local.name
security_group_name = local.name
private_ip = cidrhost(local.subnet_cidr, -2) # get next to last ip from cidr, should be 10.0.255.254
private_ip = cidrhost(local.subnet_cidr, -3) # get third to last ip from cidr, should be 10.0.255.236
cloudinit_timeout = "6"
skip_key = true # don't associate an ssh key to the server
# the config automatically disables scripts when not assigning an ssh key
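Review bot: Replacing `subnet_cidr = local.subnet_cidr` with the literal `"10.0.255.224/28"` in the access block duplicates a value that `locals` still defines (the context line at the top of the first hunk) and that `private_ip = cidrhost(local.subnet_cidr, -3)` in the last hunk still derives from; if the local is edited later, the subnet and the static private IP would silently diverge and the apply would likely fail on an out-of-range address. Keep the single source of truth, `subnet_cidr = local.subnet_cidr`, and move the address-range comment onto the local instead. Separately, the new comment `should be 10.0.255.236` does not match the expression: for a /28 at .224, `cidrhost(..., -1)` is .239, so `-3` resolves to .237 — either change the comment to `.237` or use `-4` if .236 is the intended address. The same two edits appear in the next private example's hunks as well. The `this` block in the last hunk starts outside the hunk.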


@ -1,11 +1,3 @@
variable "key" {
type = string
}
variable "key_name" {
type = string
}
variable "identifier" {
type = string
}


@ -16,16 +16,14 @@ locals {
subnet_cidr = "10.0.255.224/28" # gives 14 usable addresses from .225 to .238, but AWS reserves .225 to .227 and .238, leaving .228 to .237
}
# selecting the vpc, subnet, and ssh key pair, generating a security group specific to the runner
module "aws_access" {
module "access" {
source = "rancher/access/aws"
version = "v1.1.1"
owner = local.email
vpc_name = local.name
vpc_cidr = "10.0.255.0/24" # gives 255 usable addresses from .1 to .255, but AWS reserves .1 to .4 and .255, leaving .5 to .254
vpc_cidr = "10.0.255.0/24" # gives 256 usable addresses from .1 to .254, but AWS reserves .1 to .4 and .255, leaving .5 to .254
subnet_name = local.name
subnet_cidr = local.subnet_cidr
availability_zone = "us-west-1b" # check what availability zones are available in your region before setting this
subnet_cidr = "10.0.255.224/28" # gives 14 usable addresses from .225 to .238, but AWS reserves .225 to .227 and .238, leaving .227 to .237
security_group_name = local.name
security_group_type = "internal"
skip_ssh = true
@ -34,7 +32,7 @@ module "aws_access" {
# we are expecting the server to not get a public ip, preventing outside access
module "this" {
depends_on = [
module.aws_access,
module.access,
]
source = "../../../" # change this to "rancher/server/aws" per https://registry.terraform.io/modules/rancher/server/aws/latest
# version = "v0.0.15" # when using this example you will need to set the version
@ -45,7 +43,7 @@ module "this" {
user = local.username
subnet_name = local.name
security_group_name = local.name
private_ip = cidrhost(local.subnet_cidr, -2) # get next to last ip from cidr, should be 10.0.255.254
private_ip = cidrhost(local.subnet_cidr, -3) # get third to last ip from cidr, should be 10.0.255.236
add_public_ip = true
ssh_key = var.key
ssh_key_name = var.key_name


@ -1,6 +0,0 @@
# RHEL8 Example
This is an example of using this module to deploy a small rhel8 server on AWS.
This example has been validated using [Terratest](https://terratest.gruntwork.io/), a Go sdk and test suite for Terraform.
If you would like to test this example go to the ./tests directory and run the test with `go test os_test.go` or `go test -v -run TestRhel8`.


@ -11,31 +11,31 @@ locals {
category = "os"
example = "rhel8"
email = "terraform-ci@suse.com"
name = "tf-aws-server-${local.category}-${local.example}-${local.identifier}"
username = "tf-ci-${local.identifier}"
name = "tf-${local.category}-${local.example}-${local.identifier}"
username = "tf-${local.identifier}"
image = "rhel-8"
public_ssh_key = var.key # I don't normally recommend this, but it allows tests to supply their own key
key_name = var.key_name # A lot of time troubleshooting during critical times can be saved by hard coding variables in root modules
# root modules should be secured properly (including the state), and should represent your running infrastructure
public_ssh_key = var.key
key_name = var.key_name
}
# selecting the vpc, subnet, and ssh key pair, generating a security group specific to the runner
module "aws_access" {
module "access" {
source = "rancher/access/aws"
version = "v1.1.1"
owner = local.email
vpc_name = "default"
subnet_name = "default"
vpc_name = local.name
vpc_cidr = "10.0.255.0/24" # gives 256 usable addresses from .1 to .254, but AWS reserves .1 to .4 and .255, leaving .5 to .254
subnet_name = local.name
subnet_cidr = "10.0.255.224/28" # gives 14 usable addresses from .225 to .238, but AWS reserves .225 to .227 and .238, leaving .227 to .237
security_group_name = local.name
security_group_type = "specific"
ssh_key_name = local.key_name
skip_ssh = true
}
# aws_access returns a security group object from the aws api, but the name attribute isn't the same as the Name tag
# this is an rare example of when the name attribute is different than the Name tag
module "TestRhel8" {
module "this" {
depends_on = [
module.aws_access,
module.access,
]
source = "../../../" # change this to "rancher/server/aws" per https://registry.terraform.io/modules/rancher/server/aws/latest
# version = "v0.0.15" # when using this example you will need to set the version
@ -46,6 +46,7 @@ module "TestRhel8" {
user = local.username
ssh_key = local.public_ssh_key
ssh_key_name = local.key_name
subnet_name = "default"
add_public_ip = true
subnet_name = local.name
security_group_name = local.name # WARNING: security_group.name isn't the same as security_group->tags->Name
}
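Review bot: Only this os example gains `add_public_ip = true` (hunk header `-46,6 +46,7`); the rhel8-cis, rhel9, rocky8, sles15 and sles15-cis examples in this commit receive the same `subnet_name = local.name` change but their hunks stay at 6 lines and no public ip is added, even though they also pass `ssh_key` and `ssh_key_name` into the server. Given that the README in this commit states servers no longer get a public ip by default and these examples appear to move off the default subnet, the asymmetry looks unintentional unless those tests are meant to run without connecting; a short comment recording the intent either way, `# public ip is needed because the test connects over ssh` here or `# no public ip: this test does not connect to the server` in the others, would make it explicit. The unchanged comment above the renamed block, `# aws_access returns a security group object...`, is now stale and should read `# access returns a security group object...` (also fixing `an rare` to `a rare`); the same comment is repeated in each of the other os examples. The `this` block in the second hunk starts outside the hunk.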


@ -1,11 +0,0 @@
# Basic CIS Example
This is an example of using this module to deploy a small rhel 8 server using the CIS provided STIG Benchmarked image on AWS.
WARNING! This image requires a subscription and will cost a bit extra.
The only way I could find to subscribe was to login to the EC2 console and apply here:
https://aws.amazon.com/marketplace/seller-profile?id=dfa1e6a8-0b7b-4d35-a59c-ce272caee4fc&ref_=beagle
This example has been validated using [Terratest](https://terratest.gruntwork.io/), a Go sdk and test suite for Terraform.
If you would like to test this example go to the ./tests directory and run the test with `go test -v -parallel=10 -timeout=20m -run=TestRhel8Cis`.


@ -14,28 +14,28 @@ locals {
name = "tf-aws-server-${local.category}-${local.example}-${local.identifier}"
username = "tf-${local.identifier}"
image = "rhel-8-cis" # https://github.com/rancher/terraform-aws-server/blob/main/modules/image/types.tf
public_ssh_key = var.key # I don't normally recommend this, but it allows tests to supply their own key
key_name = var.key_name # A lot of time troubleshooting during critical times can be saved by hard coding variables in root modules
# root modules should be secured properly (including the state), and should represent your running infrastructure
public_ssh_key = var.key
key_name = var.key_name
}
# selecting the vpc, subnet, and ssh key pair, generating a security group specific to the runner
module "aws_access" {
module "access" {
source = "rancher/access/aws"
version = "v1.1.1"
owner = local.email
vpc_name = "default"
subnet_name = "default"
vpc_name = local.name
vpc_cidr = "10.0.255.0/24" # gives 256 usable addresses from .1 to .254, but AWS reserves .1 to .4 and .255, leaving .5 to .254
subnet_name = local.name
subnet_cidr = "10.0.255.224/28" # gives 14 usable addresses from .225 to .238, but AWS reserves .225 to .227 and .238, leaving .227 to .237
security_group_name = local.name
security_group_type = "specific"
ssh_key_name = local.key_name
skip_ssh = true
}
# aws_access returns a security group object from the aws api, but the name attribute isn't the same as the Name tag
# this is an rare example of when the name attribute is different than the Name tag
module "TestRhel8Cis" {
module "this" {
depends_on = [
module.aws_access,
module.access,
]
source = "../../../" # change this to "rancher/server/aws" per https://registry.terraform.io/modules/rancher/server/aws/latest
# version = "v0.0.15" # when using this example you will need to set the version
@ -46,6 +46,6 @@ module "TestRhel8Cis" {
user = local.username
ssh_key = local.public_ssh_key
ssh_key_name = local.key_name
subnet_name = "default"
subnet_name = local.name
security_group_name = local.name # WARNING: security_group.name isn't the same as security_group->tags->Name
}


@ -1,6 +0,0 @@
# RHEL9 Example
This is an example of using this module to deploy a small rhel8 server on AWS.
This example has been validated using [Terratest](https://terratest.gruntwork.io/), a Go sdk and test suite for Terraform.
If you would like to test this example go to the ./tests directory and run the test with `go test -v -parallel=10 -timeout=20m -run=TestRhel9`.


@ -14,28 +14,28 @@ locals {
name = "tf-aws-server-${local.category}-${local.example}-${local.identifier}"
username = "tf-ci-${local.identifier}"
image = "rhel-9"
public_ssh_key = var.key # I don't normally recommend this, but it allows tests to supply their own key
key_name = var.key_name # A lot of time troubleshooting during critical times can be saved by hard coding variables in root modules
# root modules should be secured properly (including the state), and should represent your running infrastructure
public_ssh_key = var.key
key_name = var.key_name
}
# selecting the vpc, subnet, and ssh key pair, generating a security group specific to the runner
module "aws_access" {
module "access" {
source = "rancher/access/aws"
version = "v1.1.1"
owner = local.email
vpc_name = "default"
subnet_name = "default"
vpc_name = local.name
vpc_cidr = "10.0.255.0/24" # gives 256 usable addresses from .1 to .254, but AWS reserves .1 to .4 and .255, leaving .5 to .254
subnet_name = local.name
subnet_cidr = "10.0.255.224/28" # gives 14 usable addresses from .225 to .238, but AWS reserves .225 to .227 and .238, leaving .227 to .237
security_group_name = local.name
security_group_type = "specific"
ssh_key_name = local.key_name
skip_ssh = true
}
# aws_access returns a security group object from the aws api, but the name attribute isn't the same as the Name tag
# this is an rare example of when the name attribute is different than the Name tag
module "TestRhel9" {
module "this" {
depends_on = [
module.aws_access,
module.access,
]
source = "../../../" # change this to "rancher/server/aws" per https://registry.terraform.io/modules/rancher/server/aws/latest
# version = "v0.0.15" # when using this example you will need to set the version
@ -46,6 +46,6 @@ module "TestRhel9" {
user = local.username
ssh_key = local.public_ssh_key
ssh_key_name = local.key_name
subnet_name = "default"
subnet_name = local.name
security_group_name = local.name # WARNING: security_group.name isn't the same as security_group->tags->Name
}


@ -1,6 +0,0 @@
# Rocky8 Example
This is an example of using this module to deploy a small rocky-8 server on AWS.
This example has been validated using [Terratest](https://terratest.gruntwork.io/), a Go sdk and test suite for Terraform.
If you would like to test this example go to the ./tests directory and run the test with `go test -v -run TestRocky8`.


@ -14,29 +14,28 @@ locals {
name = "tf-aws-server-test-${local.category}-${local.example}-${local.identifier}"
username = "tf-ci-${local.identifier}"
image = "rocky-8"
public_ssh_key = var.key # I don't normally recommend this, but it allows tests to supply their own key
key_name = var.key_name # A lot of time troubleshooting during critical times can be saved by hard coding variables in root modules
# root modules should be secured properly (including the state), and should represent your running infrastructure
public_ssh_key = var.key
key_name = var.key_name
}
# selecting the vpc, subnet, and ssh key pair, generating a security group specific to the runner
module "aws_access" {
module "access" {
source = "rancher/access/aws"
version = "v1.1.1"
owner = local.email
vpc_name = "default"
subnet_name = "default"
vpc_name = local.name
vpc_cidr = "10.0.255.0/24" # gives 256 usable addresses from .1 to .254, but AWS reserves .1 to .4 and .255, leaving .5 to .254
subnet_name = local.name
subnet_cidr = "10.0.255.224/28" # gives 14 usable addresses from .225 to .238, but AWS reserves .225 to .227 and .238, leaving .227 to .237
security_group_name = local.name
security_group_type = "specific"
ssh_key_name = local.key_name
skip_ssh = true
}
# aws_access returns a security group object from the aws api, but the name attribute isn't the same as the Name tag
# this is an rare example of when the name attribute is different than the Name tag
module "TestRocky8" {
module "this" {
depends_on = [
module.aws_access,
module.access,
]
source = "../../../" # change this to "rancher/server/aws" per https://registry.terraform.io/modules/rancher/server/aws/latest
# version = "v0.0.15" # when using this example you will need to set the version
@ -47,6 +46,6 @@ module "TestRocky8" {
user = local.username
ssh_key = local.public_ssh_key
ssh_key_name = local.key_name
subnet_name = "default"
subnet_name = local.name
security_group_name = local.name # WARNING: security_group.name isn't the same as security_group->tags->Name
}


@ -1,6 +0,0 @@
# SLES15 Example
This is an example of using this module to deploy a small sles-15 server on AWS.
This example has been validated using [Terratest](https://terratest.gruntwork.io/), a Go sdk and test suite for Terraform.
If you would like to test this example go to the ./tests directory and run the test with `go test -v -run TestSles15`.


@ -14,28 +14,28 @@ locals {
name = "tf-aws-server-${local.category}-${local.example}-${local.identifier}"
username = "tf-ci-${local.identifier}"
image = "sles-15"
public_ssh_key = var.key # I don't normally recommend this, but it allows tests to supply their own key
key_name = var.key_name # A lot of time troubleshooting during critical times can be saved by hard coding variables in root modules
# root modules should be secured properly (including the state), and should represent your running infrastructure
public_ssh_key = var.key
key_name = var.key_name
}
# selecting the vpc, subnet, and ssh key pair, generating a security group specific to the runner
module "aws_access" {
module "access" {
source = "rancher/access/aws"
version = "v1.1.1"
owner = local.email
vpc_name = "default"
subnet_name = "default"
vpc_name = local.name
vpc_cidr = "10.0.255.0/24" # gives 256 usable addresses from .1 to .254, but AWS reserves .1 to .4 and .255, leaving .5 to .254
subnet_name = local.name
subnet_cidr = "10.0.255.224/28" # gives 14 usable addresses from .225 to .238, but AWS reserves .225 to .227 and .238, leaving .227 to .237
security_group_name = local.name
security_group_type = "specific"
ssh_key_name = local.key_name
skip_ssh = true
}
# aws_access returns a security group object from the aws api, but the name attribute isn't the same as the Name tag
# this is an rare example of when the name attribute is different than the Name tag
module "TestSles15" {
module "this" {
depends_on = [
module.aws_access,
module.access,
]
source = "../../../" # change this to "rancher/server/aws" per https://registry.terraform.io/modules/rancher/server/aws/latest
# version = "v0.0.15" # when using this example you will need to set the version
@ -46,6 +46,6 @@ module "TestSles15" {
user = local.username
ssh_key = local.public_ssh_key
ssh_key_name = local.key_name
subnet_name = "default"
subnet_name = local.name
security_group_name = local.name # WARNING: security_group.name isn't the same as security_group->tags->Name
}


@ -1,11 +0,0 @@
# Basic CIS Example
This is an example of using this module to deploy a small sles15 server using the CIS Benchmark Level 1 approved image on AWS.
WARNING! This image requires a subscription and will cost a bit extra.
The only way I could find to subscribe was to login to the EC2 console and apply here:
https://aws.amazon.com/marketplace/seller-profile?id=dfa1e6a8-0b7b-4d35-a59c-ce272caee4fc&ref_=beagle
This example has been validated using [Terratest](https://terratest.gruntwork.io/), a Go sdk and test suite for Terraform.
If you would like to test this example go to the ./tests directory and run the test with `go test -v -parallel=10 -timeout=20m -run=TestSles15Cis`.


@ -14,28 +14,28 @@ locals {
name = "tf-aws-server-${local.category}-${local.example}-${local.identifier}"
username = "tf-ci-${local.identifier}"
image = "sles-15-cis"
public_ssh_key = var.key # I don't normally recommend this, but it allows tests to supply their own key
key_name = var.key_name # A lot of time troubleshooting during critical times can be saved by hard coding variables in root modules
# root modules should be secured properly (including the state), and should represent your running infrastructure
public_ssh_key = var.key
key_name = var.key_name
}
# selecting the vpc, subnet, and ssh key pair, generating a security group specific to the runner
module "aws_access" {
module "access" {
source = "rancher/access/aws"
version = "v1.1.1"
owner = local.email
vpc_name = "default"
subnet_name = "default"
vpc_name = local.name
vpc_cidr = "10.0.255.0/24" # gives 256 usable addresses from .1 to .254, but AWS reserves .1 to .4 and .255, leaving .5 to .254
subnet_name = local.name
subnet_cidr = "10.0.255.224/28" # gives 14 usable addresses from .225 to .238, but AWS reserves .225 to .227 and .238, leaving .227 to .237
security_group_name = local.name
security_group_type = "specific"
ssh_key_name = local.key_name
skip_ssh = true
}
# aws_access returns a security group object from the aws api, but the name attribute isn't the same as the Name tag
# this is an rare example of when the name attribute is different than the Name tag
module "TestSles15Cis" {
module "this" {
depends_on = [
module.aws_access,
module.access,
]
source = "../../../" # change this to "rancher/server/aws" per https://registry.terraform.io/modules/rancher/server/aws/latest
# version = "v0.0.15" # when using this example you will need to set the version
@ -46,6 +46,6 @@ module "TestSles15Cis" {
user = local.username
ssh_key = local.public_ssh_key
ssh_key_name = local.key_name
subnet_name = "default"
subnet_name = local.name
security_group_name = local.name # WARNING: security_group.name isn't the same as security_group->tags->Name
}
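Review bot: The comment `# aws_access returns a security group object from the aws api` above `module "this"` still names the module this hunk renames to `access`; change it to `# module.access returns a security group object from the aws api, but the name attribute isn't the same as the Name tag`. The two new CIDR comments are also inconsistent with themselves (".227 to .237" after reserving .227, "256 usable" for a /24): a /24 has 256 addresses of which AWS reserves the first four and the last, so 10.0.255.0/24 leaves .4-.254, and a /28 has 16, so 10.0.255.224/28 leaves .228-.238 after .224-.227 and .239 are reserved; write them as `vpc_cidr = "10.0.255.0/24" # 256 addresses; AWS reserves .0-.3 and .255, leaving .4-.254` and `subnet_cidr = "10.0.255.224/28" # 16 addresses; AWS reserves .224-.227 and .239, leaving .228-.238`. Both the stale module name and the CIDR comments are copied verbatim into every `module "access"` / `module "setup_access"` block in this commit (ubuntu-20, ubuntu-22, the overrides setup configs, server_only, the region and securitygroups examples), so correct them everywhere rather than only here. The `module "this"` block continues past the first hunk.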


@ -1,6 +0,0 @@
# Ubuntu 20 Example
This is an example of using this module to deploy a small ubuntu-20 server on AWS.
This example has been validated using [Terratest](https://terratest.gruntwork.io/), a Go sdk and test suite for Terraform.
If you would like to test this example go to the ./tests directory and run the test with `go test -v -run TestUbuntu20`.


@ -14,27 +14,28 @@ locals {
name = "tf-aws-server-test-${local.category}-${local.example}-${local.identifier}"
username = "tf-ci-${local.identifier}"
image = "ubuntu-20"
public_ssh_key = var.key # I don't normally recommend this, but it allows tests to supply their own key
key_name = var.key_name # A lot of time troubleshooting during critical times can be saved by hard coding variables in root modules
# root modules should be secured properly (including the state), and should represent your running infrastructure
public_ssh_key = var.key
key_name = var.key_name
}
# selecting the vpc, subnet, and ssh key pair, generating a security group specific to the runner
module "aws_access" {
module "access" {
source = "rancher/access/aws"
version = "v1.1.1"
owner = local.email
vpc_name = "default"
subnet_name = "default"
vpc_name = local.name
vpc_cidr = "10.0.255.0/24" # gives 256 usable addresses from .1 to .254, but AWS reserves .1 to .4 and .255, leaving .5 to .254
subnet_name = local.name
subnet_cidr = "10.0.255.224/28" # gives 14 usable addresses from .225 to .238, but AWS reserves .225 to .227 and .238, leaving .227 to .237
security_group_name = local.name
security_group_type = "specific"
ssh_key_name = local.key_name
skip_ssh = true
}
# aws_access returns a security group object from the aws api, but the name attribute isn't the same as the Name tag
# this is an rare example of when the name attribute is different than the Name tag
module "TestUbuntu20" {
module "this" {
depends_on = [
module.aws_access,
module.access,
]
source = "../../../" # change this to "rancher/server/aws" per https://registry.terraform.io/modules/rancher/server/aws/latest
# version = "v0.0.15" # when using this example you will need to set the version
@ -45,6 +46,6 @@ module "TestUbuntu20" {
user = local.username
ssh_key = local.public_ssh_key
ssh_key_name = local.key_name
subnet_name = "default"
subnet_name = local.name
security_group_name = local.name # WARNING: security_group.name isn't the same as security_group->tags->Name
}


@ -1,6 +0,0 @@
# Ubuntu 22 Example
This is an example of using this module to deploy a small ubuntu-22 server on AWS.
This example has been validated using [Terratest](https://terratest.gruntwork.io/), a Go sdk and test suite for Terraform.
If you would like to test this example go to the ./tests directory and run the test with `go test -v -run TestUbuntu22`.


@ -14,28 +14,28 @@ locals {
name = "tf-aws-server-test-${local.category}-${local.example}-${local.identifier}"
username = "tf-ci-${local.identifier}"
image = "ubuntu-22"
public_ssh_key = var.key # I don't normally recommend this, but it allows tests to supply their own key
key_name = var.key_name # A lot of time troubleshooting during critical times can be saved by hard coding variables in root modules
# root modules should be secured properly (including the state), and should represent your running infrastructure
public_ssh_key = var.key
key_name = var.key_name
}
# selecting the vpc, subnet, and ssh key pair, generating a security group specific to the runner
module "aws_access" {
module "access" {
source = "rancher/access/aws"
version = "v1.1.1"
owner = local.email
vpc_name = "default"
subnet_name = "default"
vpc_name = local.name
vpc_cidr = "10.0.255.0/24" # gives 256 usable addresses from .1 to .254, but AWS reserves .1 to .4 and .255, leaving .5 to .254
subnet_name = local.name
subnet_cidr = "10.0.255.224/28" # gives 14 usable addresses from .225 to .238, but AWS reserves .225 to .227 and .238, leaving .227 to .237
security_group_name = local.name
security_group_type = "specific"
ssh_key_name = local.key_name
skip_ssh = true
}
# aws_access returns a security group object from the aws api, but the name attribute isn't the same as the Name tag
# this is an rare example of when the name attribute is different than the Name tag
module "TestUbuntu22" {
module "this" {
depends_on = [
module.aws_access,
module.access,
]
source = "../../../" # change this to "rancher/server/aws" per https://registry.terraform.io/modules/rancher/server/aws/latest
# version = "v0.0.15" # when using this example you will need to set the version
@ -46,6 +46,6 @@ module "TestUbuntu22" {
user = local.username
ssh_key = local.public_ssh_key
ssh_key_name = local.key_name
subnet_name = "default"
subnet_name = local.name
security_group_name = local.name # WARNING: security_group.name isn't the same as security_group->tags->Name
}


@ -7,25 +7,23 @@ provider "aws" {
}
locals {
identifier = var.identifier # this is a random unique string that can be used to identify resources in the cloud provider
category = "overrides"
example = "association"
email = "terraform-ci@suse.com"
name = "tf-aws-server-${local.category}-${local.example}-${local.identifier}"
username = "tf-ci-${local.identifier}"
image = "ami-09b2a1e33ce552e68" # this must be an AMI in your region
public_ssh_key = var.key
key_name = var.key_name
server_id = var.server
identifier = var.identifier # this is a random unique string that can be used to identify resources in the cloud provider
category = "overrides"
example = "association"
email = "terraform-ci@suse.com"
setup = "tf-${local.category}-${local.example}-${local.identifier}"
name = "tf-${local.category}-${local.example}-${local.identifier}-sut"
image = "ami-09b2a1e33ce552e68" # this must be an AMI in your region
key_name = var.key_name
server_id = var.server
}
# selecting the vpc, subnet, and ssh key pair, generating a security group specific to the runner
module "aws_access" {
module "access" {
source = "rancher/access/aws"
version = "v1.1.1"
owner = local.email
vpc_name = "default"
subnet_name = "default"
vpc_name = local.setup
subnet_name = local.setup
security_group_name = local.name
security_group_type = "specific"
ssh_key_name = local.key_name
@ -33,7 +31,7 @@ module "aws_access" {
module "this" {
depends_on = [
module.aws_access,
module.access,
]
source = "../../../"
image_id = local.image
@ -42,8 +40,8 @@ module "this" {
image_workfolder = "~"
owner = local.email
name = local.name
id = local.server_id # server must already exist outside of this terraform config
subnet_name = "default"
id = local.server_id # server must already exist outside of this terraform config, see ./setup/
subnet_name = local.setup
security_group_name = local.name
# usually when selecting a server nothing is created,
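Review bot: `vpc_name = local.setup` and `subnet_name = local.setup` now select existing resources by name with no CIDR, so this config only works after `./setup/` has been applied with the same identifier and its `name` local still expands to exactly the string `setup` produces here; nothing in the file records that coupling. Add `setup = "tf-${local.category}-${local.example}-${local.identifier}" # must match local.name in ./setup/main.tf, which creates the VPC and subnet selected below` so the next person who edits either name pattern sees the dependency. The `identifier` presumably has to be fed from the setup config's new `identifier` output, which is worth stating on the `identifier` local as well. The `module "this"` block continues past the last hunk.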


@ -11,28 +11,29 @@ locals {
category = "overrides"
example = "association"
email = "terraform-ci@suse.com"
name = "tf-aws-server-${local.category}-${local.example}-${local.identifier}"
username = "tf-ci-${local.identifier}"
name = "tf-${local.category}-${local.example}-${local.identifier}"
username = "tf-${local.identifier}"
image = "ami-09b2a1e33ce552e68" # this must be an AMI in your region
public_ssh_key = var.key
key_name = var.key_name
}
# selecting the vpc, subnet, and ssh key pair, generating a security group specific to the runner
module "aws_access" {
module "setup_access" {
source = "rancher/access/aws"
version = "v1.1.1"
owner = local.email
vpc_name = "default"
subnet_name = "default"
vpc_name = local.name
vpc_cidr = "10.0.255.0/24" # gives 256 usable addresses from .1 to .254, but AWS reserves .1 to .4 and .255, leaving .5 to .254
subnet_name = local.name
subnet_cidr = "10.0.255.224/28" # gives 14 usable addresses from .225 to .238, but AWS reserves .225 to .227 and .238, leaving .227 to .237
security_group_name = local.name
security_group_type = "specific"
ssh_key_name = local.key_name
skip_ssh = true
}
module "this" {
depends_on = [
module.aws_access,
module.setup_access,
]
source = "../../../../"
image_id = local.image # if you specify an image_id, you must also specify the initial_user, admin_group, and workfolder
@ -45,6 +46,6 @@ module "this" {
user = local.username
ssh_key = local.public_ssh_key
ssh_key_name = local.key_name
subnet_name = "default"
subnet_name = local.name
security_group_name = local.name
}


@ -18,4 +18,7 @@ output "cpu" {
}
output "storage" {
value = module.this.storage
}
output "identifier" {
value = local.identifier
}


@ -1,10 +1,5 @@
variable "key" {
type = string
}
variable "key_name" {
type = string
}
variable "identifier" {
type = string


@ -7,33 +7,31 @@ provider "aws" {
}
locals {
identifier = var.identifier # this is a random unique string that can be used to identify resources in the cloud provider
category = "overrides"
example = "select_all"
email = "terraform-ci@suse.com"
name = "tf-aws-server-${local.category}-${local.example}-${local.identifier}"
username = "tf-ci-${local.identifier}"
image = "ami-09b2a1e33ce552e68" # this must be an AMI in your region
public_ssh_key = var.key
key_name = var.key_name
server_id = var.server
identifier = var.identifier # this is a random unique string that can be used to identify resources in the cloud provider
category = "overrides"
example = "select_all"
email = "terraform-ci@suse.com"
name = "tf-aws-server-${local.category}-${local.example}-${local.identifier}"
image = "ami-09b2a1e33ce552e68" # this must be an AMI in your region
server_id = var.server
}
# selecting the vpc, subnet, and ssh key pair, generating a security group specific to the runner
module "aws_access" {
module "access" {
source = "rancher/access/aws"
version = "v1.1.1"
owner = local.email
vpc_name = "default"
subnet_name = "default"
vpc_name = local.name
vpc_cidr = "10.0.255.0/24" # gives 256 usable addresses from .1 to .254, but AWS reserves .1 to .4 and .255, leaving .5 to .254
subnet_name = local.name
subnet_cidr = "10.0.255.224/28" # gives 14 usable addresses from .225 to .238, but AWS reserves .225 to .227 and .238, leaving .227 to .237
security_group_name = local.name
security_group_type = "specific"
ssh_key_name = local.key_name
skip_ssh = true
}
module "this" {
depends_on = [
module.aws_access,
module.access,
]
source = "../../../"
image_id = local.image
@ -43,6 +41,6 @@ module "this" {
owner = local.email
name = local.name
id = local.server_id # server must already exist outside of this terraform config
subnet_name = "default"
subnet_name = local.name
security_group_name = local.name
}
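Review bot: `ssh_key_name = local.key_name` inside `module "access"` still references `local.key_name`, but the rewritten `locals` block above no longer defines it (the old `key_name = var.key_name` line is dropped, and the variables change later in this commit appears to remove the `key_name` variable for this example too), so validation should fail on an unsupported attribute unless another locals block in the directory defines it. Either restore `key_name = var.key_name` in `locals` or drop the `ssh_key_name` argument from `module "access"` if the access module accepts its absence alongside `skip_ssh = true`. The `module "this"` block continues past the last hunk.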


@ -18,21 +18,22 @@ locals {
key_name = var.key_name
}
# selecting the vpc, subnet, and ssh key pair, generating a security group specific to the runner
module "aws_access" {
module "access" {
source = "rancher/access/aws"
version = "v1.1.1"
owner = local.email
vpc_name = "default"
subnet_name = "default"
vpc_name = local.name
vpc_cidr = "10.0.255.0/24" # gives 256 usable addresses from .1 to .254, but AWS reserves .1 to .4 and .255, leaving .5 to .254
subnet_name = local.name
subnet_cidr = "10.0.255.224/28" # gives 14 usable addresses from .225 to .238, but AWS reserves .225 to .227 and .238, leaving .227 to .237
security_group_name = local.name
security_group_type = "specific"
ssh_key_name = local.key_name
skip_ssh = true
}
module "this" {
depends_on = [
module.aws_access,
module.access,
]
source = "../../../../"
image_id = local.image # if you specify an image_id, you must also specify the initial_user, admin_group, and workfolder
@ -45,6 +46,6 @@ module "this" {
user = local.username
ssh_key = local.public_ssh_key
ssh_key_name = local.key_name
subnet_name = "default"
subnet_name = local.name
security_group_name = local.name
}


@ -1,11 +1,3 @@
variable "key" {
type = string
}
variable "key_name" {
type = string
}
variable "identifier" {
type = string
}


@ -1,10 +0,0 @@
# Image Only Example
This is an example of using this module to select information rather than creating anything.
This will select the image from the image types and retrieve information about it.
Please see ./image/types.tf for more information on the opinionated image selection this module provides.
NOTE: This module does not create images, it may select them or skip them (potentially requiring the user to provide more information), but it won't create them.
This example has been validated using [Terratest](https://terratest.gruntwork.io/), a Go sdk and test suite for Terraform.
If you would like to test this example go to the ./tests/overrides directory and run the test with `go test -v -run TestImageOnly`.


@ -1,4 +1,4 @@
module "TestSelectImage" {
module "this" {
source = "../../../" # change this to "rancher/server/aws" per https://registry.terraform.io/modules/rancher/server/aws/latest
# version = "v0.0.15" # when using this example you will need to set the version
image = "sles-15"


@ -1,21 +1,21 @@
output "private_ip" {
value = module.TestSelectImage.private_ip
value = module.this.private_ip
}
output "public_ip" {
value = module.TestSelectImage.public_ip
value = module.this.public_ip
}
output "id" {
value = module.TestSelectImage.id
value = module.this.id
}
output "ami" {
value = module.TestSelectImage.ami
value = module.this.ami
}
output "ram" {
value = module.TestSelectImage.ram
value = module.this.ram
}
output "cpu" {
value = module.TestSelectImage.cpu
value = module.this.cpu
}
output "storage" {
value = module.TestSelectImage.storage
value = module.this.storage
}


@ -1,8 +0,0 @@
# Server Only Example
This is an example of using this module to deploy a small sles15 server, specifying the ami to use.
If you specify an image_id, you must also specify the admin_group and initial_user.
These are used to login to the server for the first time and set up a new user as specified by "username".
This example has been validated using [Terratest](https://terratest.gruntwork.io/), a Go sdk and test suite for Terraform.
If you would like to test this example go to the ./tests directory and run the test with `go test -v -run TestServerOnly`.


@ -14,27 +14,27 @@ locals {
name = "tf-aws-server-${local.category}-${local.example}-${local.identifier}"
username = "tf-ci-${local.identifier}"
image = "ami-09b2a1e33ce552e68" # this must be an AMI in your region
public_ssh_key = var.key # I don't normally recommend this, but it allows tests to supply their own key
key_name = var.key_name # A lot of time troubleshooting during critical times can be saved by hard coding variables in root modules
# root modules should be secured properly (including the state), and should represent your running infrastructure
public_ssh_key = var.key
key_name = var.key_name
}
# selecting the vpc, subnet, and ssh key pair, generating a security group specific to the runner
module "aws_access" {
module "access" {
source = "rancher/access/aws"
version = "v1.1.1"
owner = local.email
vpc_name = "default"
subnet_name = "default"
vpc_name = local.name
vpc_cidr = "10.0.255.0/24" # gives 256 usable addresses from .1 to .254, but AWS reserves .1 to .4 and .255, leaving .5 to .254
subnet_name = local.name
subnet_cidr = "10.0.255.224/28" # gives 14 usable addresses from .225 to .238, but AWS reserves .225 to .227 and .238, leaving .227 to .237
security_group_name = local.name
security_group_type = "specific"
ssh_key_name = local.key_name
skip_ssh = true
}
# aws_access returns a security group object from the aws api, but the name attribute isn't the same as the Name tag
# this is an rare example of when the name attribute is different than the Name tag
module "TestServerOnly" {
depends_on = [module.aws_access]
module "this" {
depends_on = [module.access]
source = "../../../"
image_id = local.image # if you specify an image_id, you must also specify the initial_user, admin_group, and workfolder
image_initial_user = "ec2-user" # if you specify an image_id, you must also specify the initial_user, admin_group, and workfolder
@ -46,6 +46,6 @@ module "TestServerOnly" {
user = local.username
ssh_key = local.public_ssh_key
ssh_key_name = local.key_name
subnet_name = "default"
subnet_name = local.name
security_group_name = local.name # WARNING: security_group.name isn't the same as security_group->tags->Name
}


@ -1,21 +1,21 @@
output "private_ip" {
value = module.TestServerOnly.private_ip
value = module.this.private_ip
}
output "public_ip" {
value = module.TestServerOnly.public_ip
value = module.this.public_ip
}
output "id" {
value = module.TestServerOnly.id
value = module.this.id
}
output "ami" {
value = module.TestServerOnly.ami
value = module.this.ami
}
output "ram" {
value = module.TestServerOnly.ram
value = module.this.ram
}
output "cpu" {
value = module.TestServerOnly.cpu
value = module.this.cpu
}
output "storage" {
value = module.TestServerOnly.storage
value = module.this.storage
}


@ -1,6 +0,0 @@
# Us-East-1 Example
This is an example of using this module to deploy a small sles15 server in the us-east-1 region.
This example has been validated using [Terratest](https://terratest.gruntwork.io/), a Go sdk and test suite for Terraform.
If you would like to test this example go to the ./tests directory and run the test with `go test -v -run TestUsEast1`.


@ -20,21 +20,23 @@ locals {
# root modules should be secured properly (including the state), and should represent your running infrastructure
}
# selecting the vpc, subnet, and ssh key pair, generating a security group specific to the runner
module "aws_access" {
module "access" {
source = "rancher/access/aws"
version = "v1.1.1"
owner = local.email
vpc_name = "default"
subnet_name = "default"
vpc_name = local.name
vpc_cidr = "10.0.255.0/24" # gives 256 usable addresses from .1 to .254, but AWS reserves .1 to .4 and .255, leaving .5 to .254
subnet_name = local.name
subnet_cidr = "10.0.255.224/28" # gives 14 usable addresses from .225 to .238, but AWS reserves .225 to .227 and .238, leaving .227 to .237
security_group_name = local.name
security_group_type = "specific"
ssh_key_name = local.key_name
skip_ssh = true
}
# aws_access returns a security group object from the aws api, but the name attribute isn't the same as the Name tag
# this is an rare example of when the name attribute is different than the Name tag in AWS
module "TestUseast1" {
depends_on = [module.aws_access]
module "this" {
depends_on = [module.access]
source = "../../../" # change this to "rancher/server/aws" per https://registry.terraform.io/modules/rancher/server/aws/latest
# version = "v0.0.15" # when using this example you will need to set the version
image = local.image
@ -44,6 +46,6 @@ module "TestUseast1" {
user = local.username
ssh_key = local.public_ssh_key
ssh_key_name = local.key_name
subnet_name = "default"
subnet_name = local.name
security_group_name = local.name # WARNING: security_group.name isn't the same as security_group->tags->Name
}


@ -1,6 +0,0 @@
# US-East-2 Example
This is an example of using this module to deploy a small sles15 server on AWS in the us-east-2 region.
This example has been validated using [Terratest](https://terratest.gruntwork.io/), a Go sdk and test suite for Terraform.
`go test -v -run TestUsEast2`.


@ -15,26 +15,27 @@ locals {
name = "tf-aws-server-${local.category}-${local.example}-${local.identifier}"
username = "tf-ci-${local.identifier}"
image = "sles-15"
public_ssh_key = var.key # I don't normally recommend this, but it allows tests to supply their own key
key_name = var.key_name # A lot of troubleshooting during critical times can be saved by hard coding variables in root modules
# root modules should be secured properly (including the state), and should represent your running infrastructure
public_ssh_key = var.key
key_name = var.key_name
}
# selecting the vpc, subnet, and ssh key pair, generating a security group specific to the runner
module "aws_access" {
module "access" {
source = "rancher/access/aws"
version = "v1.1.1"
owner = local.email
vpc_name = "default"
subnet_name = "default"
vpc_name = local.name
vpc_cidr = "10.0.255.0/24" # gives 256 usable addresses from .1 to .254, but AWS reserves .1 to .4 and .255, leaving .5 to .254
subnet_name = local.name
subnet_cidr = "10.0.255.224/28" # gives 14 usable addresses from .225 to .238, but AWS reserves .225 to .227 and .238, leaving .227 to .237
security_group_name = local.name
security_group_type = "specific"
ssh_key_name = local.key_name
skip_ssh = true
}
# aws_access returns a security group object from the aws api, but the name attribute isn't the same as the Name tag
# this is an rare example of when the name attribute is different than the Name tag
module "TestUseast2" {
depends_on = [module.aws_access]
module "this" {
depends_on = [module.access]
source = "../../../" # change this to "rancher/server/aws" per https://registry.terraform.io/modules/rancher/server/aws/latest
# version = "v0.0.15" # when using this example you will need to set the version
image = local.image
@ -44,6 +45,6 @@ module "TestUseast2" {
user = local.username
ssh_key = local.public_ssh_key
ssh_key_name = local.key_name
subnet_name = "default"
subnet_name = local.name
security_group_name = local.name # WARNING: security_group.name isn't the same as security_group->tags->Name
}


@ -1,6 +0,0 @@
# Us-West-1 Example
This is an example of using this module to deploy a small sles15 server on AWS in the us-west-1 region.
This example has been validated using [Terratest](https://terratest.gruntwork.io/), a Go sdk and test suite for Terraform.
If you would like to test this example go to the ./tests directory and run the test with `go test -v -run TestUsWest1`.


@ -12,7 +12,7 @@ locals {
category = "region"
example = "uswest1"
email = "terraform-ci@suse.com"
name = "tf-aws-server-${local.category}-${local.example}-${local.identifier}"
name = "tf-${local.category}-${local.example}-${local.identifier}"
username = "tf-ci-${local.identifier}"
image = "sles-15"
public_ssh_key = var.key # I don't normally recommend this, but it allows tests to supply their own key
@ -20,21 +20,23 @@ locals {
# root modules should be secured properly (including the state), and should represent your running infrastructure
}
# selecting the vpc, subnet, and ssh key pair, generating a security group specific to the runner
module "aws_access" {
module "access" {
source = "rancher/access/aws"
version = "v1.1.1"
owner = local.email
vpc_name = "default"
subnet_name = "default"
vpc_name = local.name
vpc_cidr = "10.0.255.0/24" # gives 256 usable addresses from .1 to .254, but AWS reserves .1 to .4 and .255, leaving .5 to .254
subnet_name = local.name
subnet_cidr = "10.0.255.224/28" # gives 14 usable addresses from .225 to .238, but AWS reserves .225 to .227 and .238, leaving .227 to .237
security_group_name = local.name
security_group_type = "specific"
ssh_key_name = local.key_name
skip_ssh = true
}
# aws_access returns a security group object from the aws api, but the name attribute isn't the same as the Name tag
# this is an rare example of when the name attribute is different than the Name tag
module "TestUswest1" {
depends_on = [module.aws_access]
module "this" {
depends_on = [module.access]
source = "../../../" # change this to "rancher/server/aws" per https://registry.terraform.io/modules/rancher/server/aws/latest
# version = "v0.0.15" # when using this example you will need to set the version
image = local.image
@ -44,6 +46,6 @@ module "TestUswest1" {
user = local.username
ssh_key = local.public_ssh_key
ssh_key_name = local.key_name
subnet_name = "default"
subnet_name = local.name
security_group_name = local.name # WARNING: security_group.name isn't the same as security_group->tags->Name
}


@ -19,25 +19,24 @@ locals {
key_name = var.key_name
}
module "aws_access" {
module "access" {
source = "rancher/access/aws"
version = "v1.1.0"
version = "v1.1.1"
owner = local.email
vpc_name = local.name
vpc_cidr = "10.0.255.0/24" # gives 256 usable addresses from .1 to .254, but AWS reserves .1 to .4 and .255, leaving .5 to .254
subnet_name = local.name
subnet_cidr = "10.0.255.224/28" # gives 14 usable addresses from .225 to .238, but AWS reserves .225 to .227 and .238, leaving .227 to .237
subnet_public_ip = true
security_group_name = local.name
security_group_type = "internal"
ssh_key_name = local.key_name
skip_ssh = true
}
# aws_access returns a security group object from the aws api, but the name attribute isn't the same as the Name tag
# this is an rare example of when the name attribute is different than the Name tag
module "TestUswest2" {
module "this" {
depends_on = [
module.aws_access
module.access
]
source = "../../../" # change this to "rancher/server/aws" per https://registry.terraform.io/modules/rancher/server/aws/latest
# version = "v0.0.15" # when using this example you will need to set the version


@ -1,17 +0,0 @@
# Egress Security Group Example
This is an example of using this module to deploy a small sles15 server on AWS with the "egress" security group type.
This example has been validated using [Terratest](https://terratest.gruntwork.io/), a Go sdk and test suite for Terraform.
If you would like to test this example go to the ./tests directory and run the test with `go test -v -run TestEgress`
## Security Group Type
We provide a selection of security group "types" which produces archetypical objects in AWS.
The basic security group adds the single IP of the server running Terraform, allowing it access to the server created for the purpose of validation and configuration, we call this type "specific".
The next security group adds to the "specific" group by adding rules to allow for internal subnet traffic, in this type the subnet cidr is allowed for both ingress and egress. This type is called "internal".
The next security group duplicates the "internal" type, then adds rules to allow egress only to the public internet. This is helpful if you want to be able to upgrade your server, or if you need your server to be able to download packages from the internet, but you don't want the public internet to be able to initiate connections with your server. Thie type is called "egress", and is the type selected for this example.


@ -14,26 +14,26 @@ locals {
name = "tf-aws-server-${local.category}-${local.example}-${local.identifier}"
username = "tf-ci-${local.identifier}"
image = "sles-15"
public_ssh_key = var.key # I don't normally recommend this, but it allows tests to supply their own key
key_name = var.key_name # A lot of troubleshooting during critical times can be saved by hard coding variables in root modules
# root modules should be secured properly (including the state), and should represent your running infrastructure
public_ssh_key = var.key
key_name = var.key_name
}
# selecting the vpc, subnet, and ssh key pair, generating a security group specific to the runner
module "aws_access" {
module "access" {
source = "rancher/access/aws"
version = "v1.1.1"
owner = local.email
vpc_name = "default"
subnet_name = "default"
vpc_name = local.name
vpc_cidr = "10.0.255.0/24" # gives 256 usable addresses from .1 to .254, but AWS reserves .1 to .4 and .255, leaving .5 to .254
subnet_name = local.name
subnet_cidr = "10.0.255.224/28" # gives 14 usable addresses from .225 to .238, but AWS reserves .225 to .227 and .238, leaving .227 to .237
security_group_name = local.name
security_group_type = "egress"
ssh_key_name = local.key_name
skip_ssh = true
}
module "TestEgress" {
module "this" {
depends_on = [
module.aws_access,
module.access,
]
source = "../../../" # change this to "rancher/server/aws" per https://registry.terraform.io/modules/rancher/server/aws/latest
# version = "v0.0.15" # when using this example you will need to set the version
@ -44,6 +44,6 @@ module "TestEgress" {
user = local.username
ssh_key = local.public_ssh_key
ssh_key_name = local.key_name
subnet_name = "default"
subnet_name = local.name
security_group_name = local.name
}
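Review bot: With this example's README removed in the same commit, `security_group_type = "egress"` is left with no explanation of what that type opens, and it is one of the settings that decides the server's network exposure. Carry the README's one-line definition into the code: `security_group_type = "egress" # "specific" (runner IP) + subnet-internal ingress/egress + egress to the public internet; no public ingress`. The internal example below has the same gap and would take `security_group_type = "internal" # "specific" (runner IP) + subnet-internal ingress/egress; no public ingress`. The `module "this"` block continues past the first hunk.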


@ -1,14 +0,0 @@
# Internal Security Group Example
This is an example of using this module to deploy a small sles15 server on AWS with the "egress" security group type.
This example has been validated using [Terratest](https://terratest.gruntwork.io/), a Go sdk and test suite for Terraform.
If you would like to test this example go to the ./tests directory and run the test with `go test -v -run TestInternal`
## Security Group Type
We provide a selection of security group "types" which produces archetypical objects in AWS.
The basic security group adds the single IP of the server running Terraform, allowing it access to the server created for the purpose of validation and configuration, we call this type "specific".
The next security group adds to the "specific" group by adding rules to allow for internal subnet traffic, in this type the subnet cidr is allowed for both ingress and egress. This type is called "internal", and is the type selected for this example.


@ -11,29 +11,29 @@ locals {
category = "securitygroups"
example = "internal"
email = "terraform-ci@suse.com"
name = "tf-aws-server-${local.category}-${local.example}-${local.identifier}"
name = "tf-${local.category}-${local.example}-${local.identifier}"
username = "tf-ci-${local.identifier}"
image = "sles-15"
public_ssh_key = var.key # I don't normally recommend this, but it allows tests to supply their own key
key_name = var.key_name # A lot of troubleshooting during critical times can be saved by hard coding variables in root modules
# root modules should be secured properly (including the state), and should represent your running infrastructure
public_ssh_key = var.key
key_name = var.key_name
}
# selecting the vpc, subnet, and ssh key pair, generating a security group specific to the runner
module "aws_access" {
module "access" {
source = "rancher/access/aws"
version = "v1.1.1"
owner = local.email
vpc_name = "default"
subnet_name = "default"
vpc_name = local.name
vpc_cidr = "10.0.255.0/24" # gives 256 usable addresses from .1 to .254, but AWS reserves .1 to .4 and .255, leaving .5 to .254
subnet_name = local.name
subnet_cidr = "10.0.255.224/28" # gives 14 usable addresses from .225 to .238, but AWS reserves .225 to .227 and .238, leaving .227 to .237
security_group_name = local.name
security_group_type = "internal"
ssh_key_name = local.key_name
skip_ssh = true
}
module "TestInternal" {
module "this" {
depends_on = [
module.aws_access,
module.access,
]
source = "../../../" # change this to "rancher/server/aws" per https://registry.terraform.io/modules/rancher/server/aws/latest
# version = "v0.0.15" # when using this example you will need to set the version
@ -44,6 +44,6 @@ module "TestInternal" {
user = local.username
ssh_key = local.public_ssh_key
ssh_key_name = local.key_name
subnet_name = "default"
subnet_name = local.name
security_group_name = local.name
}
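Review bot: The new CIDR comments get the reserved-address arithmetic wrong: a /24 is 256 addresses in total (not "usable"), AWS reserves .0-.3 and .255, leaving .4-.254; the /28 at .224 spans .224-.239, AWS reserves .224-.227 and .239, leaving .228-.238 (11 hosts), and the comment as written both reserves .227 and lists it as usable. Suggest `vpc_cidr = "10.0.255.0/24" # 256 addresses; AWS reserves .0-.3 and .255, usable .4-.254` and `subnet_cidr = "10.0.255.224/28" # 16 addresses; AWS reserves .224-.227 and .239, usable .228-.238 (11 hosts)`. The same two comment lines are pasted into every example in this commit, so the correction applies to each of them.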


@ -1,18 +0,0 @@
# Public Security Group Example
This is an example of using this module to deploy a small sles15 server on AWS with the "egress" security group type.
This example has been validated using [Terratest](https://terratest.gruntwork.io/), a Go sdk and test suite for Terraform.
If you would like to test this example go to the ./tests directory and run the test with `go test -v -run TestPublic`
## Security Group Type
We provide a selection of security group "types" which produces archetypical objects in AWS.
The basic security group adds the single IP of the server running Terraform, allowing it access to the server created for the purpose of validation and configuration, we call this type "specific".
The next security group adds to the "specific" group by adding rules to allow for internal subnet traffic, in this type the subnet cidr is allowed for both ingress and egress. This type is called "internal".
The next security group duplicates the "internal" type, then adds rules to allow egress only to the public internet. This is helpful if you want to be able to upgrade your server, or if you need your server to be able to download packages from the internet, but you don't want the public internet to be able to initiate connections with your server. This type is called "egress".
The final, and most permissive security group type is called "public". This adds to the "egress" rule set allowing public access from any IP. This essentially opens your server up to the general public, and is the type selected for this example.


@ -14,26 +14,26 @@ locals {
name = "tf-aws-server-${local.category}-${local.example}-${local.identifier}"
username = "tf-ci-${local.identifier}"
image = "sles-15"
public_ssh_key = var.key # I don't normally recommend this, but it allows tests to supply their own key
key_name = var.key_name # A lot of troubleshooting during critical times can be saved by hard coding variables in root modules
# root modules should be secured properly (including the state), and should represent your running infrastructure
public_ssh_key = var.key
key_name = var.key_name
}
# selecting the vpc, subnet, and ssh key pair, generating a security group specific to the runner
module "aws_access" {
module "access" {
source = "rancher/access/aws"
version = "v1.1.1"
owner = local.email
vpc_name = "default"
subnet_name = "default"
vpc_name = local.name
vpc_cidr = "10.0.255.0/24" # gives 256 usable addresses from .1 to .254, but AWS reserves .1 to .4 and .255, leaving .5 to .254
subnet_name = local.name
subnet_cidr = "10.0.255.224/28" # gives 14 usable addresses from .225 to .238, but AWS reserves .225 to .227 and .238, leaving .227 to .237
security_group_name = local.name
security_group_type = "public"
ssh_key_name = local.key_name
skip_ssh = true
}
module "TestPublic" {
module "this" {
depends_on = [
module.aws_access,
module.access,
]
source = "../../../" # change this to "rancher/server/aws" per https://registry.terraform.io/modules/rancher/server/aws/latest
# version = "v0.0.15" # when using this example you will need to set the version
@ -44,6 +44,6 @@ module "TestPublic" {
user = local.username
ssh_key = local.public_ssh_key
ssh_key_name = local.key_name
subnet_name = "default"
subnet_name = local.name
security_group_name = local.name
}
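Review bot: Nothing in this hunk gives the server a public address while `security_group_type = "public"` is selected, and the only place that explained what "public" means (ingress from any address) is the README this commit deletes, so the example no longer documents the exposure it demonstrates. Suggest an inline comment so the file is self-describing: `security_group_type = "public" # allows ingress from 0.0.0.0/0; only reachable, and only risky, when the server is also given a public IP (add_public_ip)`. If the unseen remainder of the `module "this"` block does not set a public IP, it is worth confirming the test still exercises the rule set the example is named after, since the server module now disables its scripts when no public IP is attached.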

View File

@ -1,12 +0,0 @@
# Specific Security Group Example
This is an example of using this module to deploy a small sles15 server on AWS with the "egress" security group type.
This example has been validated using [Terratest](https://terratest.gruntwork.io/), a Go sdk and test suite for Terraform.
If you would like to test this example go to the ./tests directory and run the test with `go test -v -run TestSpecific`
## Security Group Type
We provide a selection of security group "types" which produces archetypical objects in AWS.
The basic security group adds the single IP of the server running Terraform, allowing it access to the server created for the purpose of validation and configuration, we call this type "specific". This is the type selected for this example.


@ -14,26 +14,26 @@ locals {
name = "tf-aws-server-${local.category}-${local.example}-${local.identifier}"
username = "tf-ci-${local.identifier}"
image = "sles-15"
public_ssh_key = var.key # I don't normally recommend this, but it allows tests to supply their own key
key_name = var.key_name # A lot of troubleshooting during critical times can be saved by hard coding variables in root modules
# root modules should be secured properly (including the state), and should represent your running infrastructure
public_ssh_key = var.key
key_name = var.key_name
}
# selecting the vpc, subnet, and ssh key pair, generating a security group specific to the runner
module "aws_access" {
module "access" {
source = "rancher/access/aws"
version = "v1.1.1"
owner = local.email
vpc_name = "default"
subnet_name = "default"
vpc_name = local.name
vpc_cidr = "10.0.255.0/24" # gives 256 usable addresses from .1 to .254, but AWS reserves .1 to .4 and .255, leaving .5 to .254
subnet_name = local.name
subnet_cidr = "10.0.255.224/28" # gives 14 usable addresses from .225 to .238, but AWS reserves .225 to .227 and .238, leaving .227 to .237
security_group_name = local.name
security_group_type = "specific"
ssh_key_name = local.key_name
skip_ssh = true
}
module "TestSpecific" {
module "this" {
depends_on = [
module.aws_access,
module.access,
]
source = "../../../" # change this to "rancher/server/aws" per https://registry.terraform.io/modules/rancher/server/aws/latest
# version = "v0.0.15" # when using this example you will need to set the version
@ -44,6 +44,6 @@ module "TestSpecific" {
user = local.username
ssh_key = local.public_ssh_key
ssh_key_name = local.key_name
subnet_name = "default"
subnet_name = local.name
security_group_name = local.name
}
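Review bot: Every example now creates its own VPC with the identical `vpc_cidr = "10.0.255.0/24"`, so a concurrent `go test` run consumes one VPC per example in the account instead of sharing the default one, and the default per-region VPC quota is small enough that a full run may hit it. Overlapping CIDRs across VPCs are legal for isolated tests but rule out peering later; consider deriving the third octet from the example (e.g. `vpc_cidr = "10.0.${local.octet}.0/24"`) or at least documenting the quota assumption in a comment on the `vpc_cidr` line. Whether the access module also creates an internet gateway or NAT per VPC is not visible here and would multiply the cost further.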


@ -1,6 +0,0 @@
# Large Server Example
This is an example of using this module to deploy a large sles15 server.
This example has been validated using [Terratest](https://terratest.gruntwork.io/), a Go sdk and test suite for Terraform.
If you would like to test this example go to the ./tests directory and run the test with `go test -v -run TestLarge`.


@ -20,22 +20,23 @@ locals {
# root modules should be secured properly (including the state), and should represent your running infrastructure
}
# selecting the vpc, subnet, and ssh key pair, generating a security group specific to the runner
module "aws_access" {
module "access" {
source = "rancher/access/aws"
version = "v1.1.1"
owner = local.email
vpc_name = "default"
subnet_name = "default"
vpc_name = local.name
vpc_cidr = "10.0.255.0/24" # gives 256 usable addresses from .1 to .254, but AWS reserves .1 to .4 and .255, leaving .5 to .254
subnet_name = local.name
subnet_cidr = "10.0.255.224/28" # gives 14 usable addresses from .225 to .238, but AWS reserves .225 to .227 and .238, leaving .227 to .237
security_group_name = local.name
security_group_type = "specific"
ssh_key_name = local.key_name
skip_ssh = true
}
# aws_access returns a security group object from the aws api, but the name attribute isn't the same as the Name tag
# this is an rare example of when the name attribute is different than the Name tag
module "TestLarge" {
depends_on = [module.aws_access]
module "this" {
depends_on = [module.access]
source = "../../../" # change this to "rancher/server/aws" per https://registry.terraform.io/modules/rancher/server/aws/latest
# version = "v0.0.15" # when using this example you will need to set the version
image = local.image
@ -45,6 +46,6 @@ module "TestLarge" {
user = local.username
ssh_key = local.public_ssh_key
ssh_key_name = local.key_name
subnet_name = "default"
subnet_name = local.name
security_group_name = local.name # WARNING: security_group.name isn't the same as security_group->tags->Name
}
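Review bot: The comment above `module "this"` still says `aws_access returns a security group object ...` although this hunk renames the module to `access`, so it now refers to a name that no longer exists in the file. Suggest `# module.access returns a security group object from the aws api, but the name attribute isn't the same as the Name tag` and fixing the typo on the next line (`this is a rare example`). The same stale comment is carried into the medium, small, xl and xxl examples.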


@ -1,6 +0,0 @@
# Medium Server Example
This is an example of using this module to deploy a med sles15 server.
This example has been validated using [Terratest](https://terratest.gruntwork.io/), a Go sdk and test suite for Terraform.
If you would like to test this example go to the ./tests directory and run the test with `go test -v -run TestMedium`.


@ -15,27 +15,27 @@ locals {
username = "tf-ci-${local.identifier}"
image = "sles-15"
size = "medium"
public_ssh_key = var.key # I don't normally recommend this, but it allows tests to supply their own key
key_name = var.key_name # A lot of troubleshooting during critical times can be saved by hard coding variables in root modules
# root modules should be secured properly (including the state), and should represent your running infrastructure
public_ssh_key = var.key
key_name = var.key_name
}
# selecting the vpc, subnet, and ssh key pair, generating a security group specific to the runner
module "aws_access" {
module "access" {
source = "rancher/access/aws"
version = "v1.1.1"
owner = local.email
vpc_name = "default"
subnet_name = "default"
vpc_name = local.name
vpc_cidr = "10.0.255.0/24" # gives 256 usable addresses from .1 to .254, but AWS reserves .1 to .4 and .255, leaving .5 to .254
subnet_name = local.name
subnet_cidr = "10.0.255.224/28" # gives 14 usable addresses from .225 to .238, but AWS reserves .225 to .227 and .238, leaving .227 to .237
security_group_name = local.name
security_group_type = "specific"
ssh_key_name = local.key_name
skip_ssh = true
}
# aws_access returns a security group object from the aws api, but the name attribute isn't the same as the Name tag
# this is an rare example of when the name attribute is different than the Name tag
module "TestMedium" {
depends_on = [module.aws_access]
module "this" {
depends_on = [module.access]
source = "../../../" # change this to "rancher/server/aws" per https://registry.terraform.io/modules/rancher/server/aws/latest
# version = "v0.0.15" # when using this example you will need to set the version
image = local.image
@ -45,6 +45,6 @@ module "TestMedium" {
user = local.username
ssh_key = local.public_ssh_key
ssh_key_name = local.key_name
subnet_name = "default"
subnet_name = local.name
security_group_name = local.name # WARNING: security_group.name isn't the same as security_group->tags->Name
}
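Review bot: `depends_on = [module.access]` on the whole `module "this"` block defers every data source inside the server module to apply time, which is the usual cause of the perpetual-rebuild symptom the server module in this same commit works around by ignoring `availability_zone` and `network_interface` in `lifecycle`. Passing the access module's outputs into `subnet_name` / `security_group_name` instead of the shared `local.name` would give Terraform a value-level dependency it can plan, and the module-level `depends_on` could go. I cannot see the access module's output names from here, so the exact attributes need confirming.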


@ -1,6 +0,0 @@
# Small Server Example
This is an example of using this module to deploy a small sles15 server.
This example has been validated using [Terratest](https://terratest.gruntwork.io/), a Go sdk and test suite for Terraform.
If you would like to test this example go to the ./tests directory and run the test with `go test -v -run TestSmall`.


@ -15,26 +15,27 @@ locals {
username = "tf-ci-${local.identifier}"
image = "sles-15"
size = "small"
public_ssh_key = var.key # I don't normally recommend this, but it allows tests to supply their own key
key_name = var.key_name # A lot of troubleshooting during critical times can be saved by hard coding variables in root modules
# root modules should be secured properly (including the state), and should represent your running infrastructure
public_ssh_key = var.key
key_name = var.key_name
}
# selecting the vpc, subnet, and ssh key pair, generating a security group specific to the runner
module "aws_access" {
module "access" {
source = "rancher/access/aws"
version = "v1.1.1"
owner = local.email
vpc_name = "default"
subnet_name = "default"
vpc_name = local.name
vpc_cidr = "10.0.255.0/24" # gives 256 usable addresses from .1 to .254, but AWS reserves .1 to .4 and .255, leaving .5 to .254
subnet_name = local.name
subnet_cidr = "10.0.255.224/28" # gives 14 usable addresses from .225 to .238, but AWS reserves .225 to .227 and .238, leaving .227 to .237
security_group_name = local.name
security_group_type = "specific"
ssh_key_name = local.key_name
skip_ssh = true
}
# aws_access returns a security group object from the aws api, but the name attribute isn't the same as the Name tag
# this is an rare example of when the name attribute is different than the Name tag
module "TestSmall" {
depends_on = [module.aws_access]
module "this" {
depends_on = [module.access]
source = "../../../" # change this to "rancher/server/aws" per https://registry.terraform.io/modules/rancher/server/aws/latest
# version = "v0.0.15" # when using this example you will need to set the version
image = local.image
@ -44,6 +45,6 @@ module "TestSmall" {
user = local.username
ssh_key = local.public_ssh_key
ssh_key_name = local.key_name
subnet_name = "default"
subnet_name = local.name
security_group_name = local.name # WARNING: security_group.name isn't the same as security_group->tags->Name
}
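Review bot: The `# aws_access returns a security group object ...` comment was not updated with the rename to `module "access"` in this hunk, so it points at a module name that no longer exists. Suggest `# module.access returns a security group object from the aws api, but the name attribute isn't the same as the Name tag`.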


@ -1,6 +0,0 @@
# Extra Large Server Example
This is an example of using this module to deploy an xl sles15 server.
This example has been validated using [Terratest](https://terratest.gruntwork.io/), a Go sdk and test suite for Terraform.
If you would like to test this example go to the ./tests directory and run the test with `go test -v -run TestXl`.


@ -15,26 +15,26 @@ locals {
username = "tf-ci-${local.identifier}"
image = "sles-15"
size = "xl"
public_ssh_key = var.key # I don't normally recommend this, but it allows tests to supply their own key
key_name = var.key_name # A lot of troubleshooting during critical times can be saved by hard coding variables in root modules
# root modules should be secured properly (including the state), and should represent your running infrastructure
public_ssh_key = var.key
key_name = var.key_name
}
# selecting the vpc, subnet, and ssh key pair, generating a security group specific to the runner
module "aws_access" {
module "access" {
source = "rancher/access/aws"
version = "v1.1.1"
owner = local.email
vpc_name = "default"
subnet_name = "default"
vpc_name = local.name
vpc_cidr = "10.0.255.0/24" # gives 256 usable addresses from .1 to .254, but AWS reserves .1 to .4 and .255, leaving .5 to .254
subnet_name = local.name
subnet_cidr = "10.0.255.224/28" # gives 14 usable addresses from .225 to .238, but AWS reserves .225 to .227 and .238, leaving .227 to .237
security_group_name = local.name
security_group_type = "specific"
ssh_key_name = local.key_name
skip_ssh = true
}
# aws_access returns a security group object from the aws api, but the name attribute isn't the same as the Name tag
# this is an rare example of when the name attribute is different than the Name tag
module "TestXl" {
depends_on = [module.aws_access]
module "this" {
depends_on = [module.access]
source = "../../../" # change this to "rancher/server/aws" per https://registry.terraform.io/modules/rancher/server/aws/latest
# version = "v0.0.15" # when using this example you will need to set the version
image = local.image
@ -44,6 +44,6 @@ module "TestXl" {
user = local.username
ssh_key = local.public_ssh_key
ssh_key_name = local.key_name
subnet_name = "default"
security_group_name = local.name # WARNING: security_group.name isn't the same as security_group->tags->Name
subnet_name = local.name
security_group_name = local.name
}
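Review bot: The rewrite of the last two lines drops the `# WARNING: security_group.name isn't the same as security_group->tags->Name` comment from `security_group_name`, while the small, medium, large and xxl examples keep it; nothing else on that line changed, so the loss looks accidental. Suggest restoring it: `security_group_name = local.name # WARNING: security_group.name isn't the same as security_group->tags->Name`.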


@ -1,6 +0,0 @@
# Extra Extra Large Server Example
This is an example of using this module to deploy an extra extra large sles15 server.
This example has been validated using [Terratest](https://terratest.gruntwork.io/), a Go sdk and test suite for Terraform.
If you would like to test this example go to the ./tests directory and run the test with `go test -v -run TestXxl`.


@ -11,30 +11,31 @@ locals {
category = "size"
example = "xxl"
email = "terraform-ci@suse.com"
name = "tf-aws-server-${local.category}-${local.example}-${local.identifier}"
name = "tf-${local.category}-${local.example}-${local.identifier}"
username = "tf-ci-${local.identifier}"
image = "sles-15"
size = "xxl"
public_ssh_key = var.key # I don't normally recommend this, but it allows tests to supply their own key
key_name = var.key_name # A lot of troubleshooting during critical times can be saved by hard coding variables in root modules
# root modules should be secured properly (including the state), and should represent your running infrastructure
public_ssh_key = var.key
key_name = var.key_name
}
# selecting the vpc, subnet, and ssh key pair, generating a security group specific to the runner
module "aws_access" {
module "access" {
source = "rancher/access/aws"
version = "v1.1.1"
owner = local.email
vpc_name = "default"
subnet_name = "default"
vpc_name = local.name
vpc_cidr = "10.0.255.0/24" # gives 256 usable addresses from .1 to .254, but AWS reserves .1 to .4 and .255, leaving .5 to .254
subnet_name = local.name
subnet_cidr = "10.0.255.224/28" # gives 14 usable addresses from .225 to .238, but AWS reserves .225 to .227 and .238, leaving .227 to .237
security_group_name = local.name
security_group_type = "specific"
ssh_key_name = local.key_name
skip_ssh = true
}
# aws_access returns a security group object from the aws api, but the name attribute isn't the same as the Name tag
# this is an rare example of when the name attribute is different than the Name tag
module "TestXxl" {
depends_on = [module.aws_access]
module "test" {
depends_on = [module.access]
source = "../../../" # change this to "rancher/server/aws" per https://registry.terraform.io/modules/rancher/server/aws/latest
# version = "v0.0.15" # when using this example you will need to set the version
image = local.image
@ -44,6 +45,6 @@ module "TestXxl" {
user = local.username
ssh_key = local.public_ssh_key
ssh_key_name = local.key_name
subnet_name = "default"
subnet_name = local.name
security_group_name = local.name # WARNING: security_group.name isn't the same as security_group->tags->Name
}
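Review bot: This example names the server module `module "test"` while every other example in the commit renames it to `module "this"`; if the example's outputs.tf references `module.this` as the siblings presumably do, this file will not pass `terraform validate`, and either way it breaks the copy-paste symmetry the examples rely on. Suggest `module "test" {` → `module "this" {`. The `local.name` prefix is also shortened to `tf-` only here and in the internal example; if that was done for an AWS name-length limit the other examples need the same change, otherwise a short comment explaining the difference would help.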


@ -1,4 +1,5 @@
variable "id" {
type = string
description = <<-EOT
An AMI to select.
Don't use this is if you want to search for an AMI.
@ -7,6 +8,7 @@ variable "id" {
default = ""
}
variable "type" {
type = string
description = <<-EOT
A type from the types.tf file.
Types represent a standard set of opinionated options that we select for you.
@ -15,6 +17,7 @@ variable "type" {
default = ""
}
variable "initial_user" {
type = string
description = <<-EOT
This isn't used if a type is selected.
The initial user on the AMI, this is used for the initial connection.
@ -24,6 +27,7 @@ variable "initial_user" {
default = ""
}
variable "admin_group" {
type = string
description = <<-EOT
The linux group considered 'admin' on the AMI.
The initial user will be added to this group, it must have sudo access.
@ -32,6 +36,7 @@ variable "admin_group" {
default = ""
}
variable "workfolder" {
type = string
description = <<-EOT
This isn't used if a type is selected.
The folder where scripts will be copied to and run from on the AMI.
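Review bot: The `id` description still reads `Don't use this is if you want to search for an AMI.` next to the newly added `type = string`; suggest `Don't use this if you want to search for an AMI.` With the type now declared, a `validation` block on `id` requiring non-empty values to match `^ami-` would turn a mis-pasted instance id into a plan-time error instead of an AWS API error; optional but cheap.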


@ -15,16 +15,20 @@ locals {
type = (local.create ? local.types[var.type] : {})
image_id = var.image_id
initial_user = var.image_initial_user
initial_user_home = "/home/${local.initial_user}"
initial_workspace = replace(var.image_workfolder, "~", "") # WARNING! '~' can't go to the server! you will see "scp: permission denied" errors
workfolder = (local.initial_workspace == "" ? local.initial_user_home : local.initial_workspace)
admin_group = var.image_admin_group
workfolder = ((var.image_workfolder == "~" || var.image_workfolder == "") ? "/home/${local.initial_user}" : var.image_workfolder)
cloudinit_script = var.cloudinit_script
cloudinit_timeout = var.cloudinit_timeout
skip_key = var.skip_key # skip the association of a keypair to the server
ssh_key = (local.skip_key ? "" : var.ssh_key) # empty key if not associating a key
ssh_key_name = (local.skip_key ? "" : var.ssh_key_name) # empty key name if not associating a key
associate_key = (local.skip_key ? false : true) # associate key is the opposite of skip_key
disable_scripts = (var.disable_scripts || local.skip_key ? true : false) # disable scripts if not associating an ssh key
enable_scripts = (local.disable_scripts ? false : true) # enable scripts is the opposite of disable scripts
skip_key = var.skip_key # skip the association of a keypair to the server
ssh_key = (local.skip_key ? "" : var.ssh_key) # empty key if not associating a key
ssh_key_name = (local.skip_key ? "" : var.ssh_key_name) # empty key name if not associating a key
associate_key = (local.skip_key ? false : true) # associate key is the opposite of skip_key
no_public_ip = (local.eip ? false : true) # opposite of add_public_ip
disable_scripts = (var.disable_scripts || local.skip_key || local.no_public_ip ? true : false) # disable scripts if not associating an ssh key or public ip
enable_scripts = (local.disable_scripts ? false : true) # enable scripts is the opposite of disable scripts
user_data = templatefile("${path.module}/cloudinit.tpl", {
initial_user = local.initial_user
admin_group = local.admin_group
@ -34,7 +38,7 @@ locals {
script = indent(6, local.cloudinit_script)
})
}
# WARNING! When selecting a server it is assumed that no additional resources are required (unless forcing group)
# WARNING! When selecting a server it is assumed that no additional resources are required (unless forcing security group creation)
data "aws_instance" "selected" {
count = (local.select ? 1 : 0)
instance_id = local.id
@ -112,11 +116,15 @@ resource "aws_instance" "created" {
instance_type = local.type.id
user_data_replace_on_change = true # forces a replace when the user data changes, this is often what we want to prevent security issues
#associate_public_ip_address = false # this will be handled in interfaces attached to the instance and subnet rules
# kubernetes expects the primary interface to keep its IP
# the server resource will generate a device 0 interface if one is not given
# so the only way to control the primary interface is to provide it like this
# this necessitates the network interface being created before the server
network_interface {
network_interface_id = aws_network_interface.created[0].id
device_index = 0
}
instance_initiated_shutdown_behavior = "stop" # termination can be handled by destroy or separately
user_data_base64 = base64encode(local.user_data)
availability_zone = data.aws_subnet.general_info[0].availability_zone
@ -126,6 +134,7 @@ resource "aws_instance" "created" {
Name = local.name
User = local.user
Owner = local.owner
Home = local.workfolder
}
root_block_device {
@ -139,8 +148,11 @@ resource "aws_instance" "created" {
}
lifecycle {
ignore_changes = [
tags,
root_block_device.0.tags,
tags, # amazon updates tags automatically, ignore this change
tags_all, # amazon updates tags automatically, ignore this change
root_block_device[0].tags_all, # amazon updates tags automatically, ignore this change
availability_zone, # this is dependant on the aws subnet lookup and if not ignored will cause the server to always rebuild
network_interface, # this is dependant on the aws subnet lookup and if not ignored will cause the server to always rebuild
]
}
}
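Review bot: `replace(var.image_workfolder, "~", "")` strips every tilde anywhere in the path, not just a leading one, so `~/scripts` becomes `/scripts` (an absolute path at the filesystem root the initial user generally cannot write to) and a literal `~` inside a directory name is mangled as well. The code it replaces only special-cased the exact values `~` and `""`, so this is a regression for the common `~/something` form. Suggest expanding only a leading tilde: `initial_workspace = startswith(var.image_workfolder, "~") ? "${local.initial_user_home}${trimprefix(var.image_workfolder, "~")}" : var.image_workfolder` (startswith needs Terraform >= 1.3; `substr` works on older versions). Separately, `ignore_changes = [tags, tags_all, ...]` means a removed `Owner` or `User` tag is never reconciled; if those tags carry accountability, ignore only the keys AWS injects rather than the whole map.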


@ -115,14 +115,8 @@ variable "eip" {
variable "ip" {
type = string
description = <<-EOT
Ipv4 address to associate with the server, it must be within the usable addresses in the subnet given.
EOT
default = ""
}
variable "ipv6" {
type = string
description = <<-EOT
Ipv6 address to associate with the server, it must be within the usable addresses in the subnet given.
Private IP address to associate with the server, it must be within the usable addresses in the subnet given.
Assigning a specific public IP address is not available yet.
EOT
default = ""
}
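Review bot: Deleting `variable "ipv6"` is a breaking change to the module's input interface: any root module still passing `ipv6 = ...` fails with an unsupported-argument error on its next plan, which the `fix:` prefix on this commit does not signal. Suggest keeping the variable for one release with `description = "Deprecated and ignored: IPv6 assignment is not supported yet."`, or calling the removal out explicitly in the release notes. The new `ip` description is clearer; the sentence `Assigning a specific public IP address is not available yet.` could point readers at the `eip` variable above so they know which knob exists instead.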


@ -87,7 +87,8 @@ func TestAssociation(t *testing.T) {
defer teardown(t, category, setupDirectory, setupKeyPair)
defer terraform.Destroy(t, setupTerraformOptions)
terraform.InitAndApply(t, setupTerraformOptions)
output := terraform.Output(t, setupTerraformOptions, "id")
serverId := terraform.Output(t, setupTerraformOptions, "id")
uniqueId := terraform.Output(t, setupTerraformOptions, "identifier")
// after setup completes we can run the actual test, passing in the server id from setup
terraformOptions, keyPair := setup(t, category, directory, region, owner)
@ -96,6 +97,7 @@ func TestAssociation(t *testing.T) {
defer sshAgent.Stop()
defer teardown(t, category, directory, keyPair)
defer terraform.Destroy(t, terraformOptions)
terraformOptions.Vars["server"] = output
terraformOptions.Vars["identifier"] = uniqueId
terraformOptions.Vars["server"] = serverId
terraform.InitAndApply(t, terraformOptions)
}
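Review bot: `serverId` and `uniqueId` are forwarded into the second apply without being checked, so an empty `id` or `identifier` output from the setup stack surfaces only as a confusing failure inside the association apply rather than at the point the value was read. Suggest a guard right after the two `terraform.Output` calls: `if serverId == "" || uniqueId == "" { t.Fatalf("setup outputs missing: id=%q identifier=%q", serverId, uniqueId) }`. Go naming convention also spells initialisms consistently, so `serverID` / `uniqueID` would be idiomatic. TestAssociation begins before this hunk, so the earlier setup and defer ordering is assumed from the visible lines only.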