From 7bcdeebe8ba7ac14ca3e05a9e3d20a6ad3044cbc Mon Sep 17 00:00:00 2001 From: Matt Trachier Date: Fri, 8 Mar 2024 12:37:18 -0600 Subject: [PATCH] fix: update all tests to stop using the default vpc and subnet (#50) * fix: update all tests to stop using the default vpc and subnet, update docs, adjust tests for public ip not being the default Signed-off-by: Matt Trachier * fix: revert to using the key to reduce cognitive load for users Signed-off-by: Matt Trachier * fix: add personal functions to rcs Signed-off-by: Matt Trachier --------- Signed-off-by: Matt Trachier 
Signed-off-by: Matt Trachier --- .rcs | 1 + README.md | 133 +++++++++++++++--- examples/basic/basic/README.md | 6 - examples/basic/basic/main.tf | 24 ++-- examples/basic/basic/outputs.tf | 2 +- examples/basic/noaccess/main.tf | 4 +- examples/basic/noaccess/variables.tf | 8 -- examples/basic/noscripts/main.tf | 21 ++- examples/basic/privateip/main.tf | 12 +- examples/basic/privateip/variables.tf | 8 -- examples/basic/publicip/main.tf | 12 +- examples/os/rhel8/README.md | 6 - examples/os/rhel8/main.tf | 27 ++-- examples/os/rhel8cis/README.md | 11 -- examples/os/rhel8cis/main.tf | 22 +-- examples/os/rhel9/README.md | 6 - examples/os/rhel9/main.tf | 22 +-- examples/os/rocky8/README.md | 6 - examples/os/rocky8/main.tf | 23 ++- examples/os/sles15/README.md | 6 - examples/os/sles15/main.tf | 22 +-- examples/os/sles15cis/README.md | 11 -- examples/os/sles15cis/main.tf | 22 +-- examples/os/ubuntu20/README.md | 6 - examples/os/ubuntu20/main.tf | 23 +-- examples/os/ubuntu22/README.md | 6 - examples/os/ubuntu22/main.tf | 22 +-- examples/overrides/association/main.tf | 32 ++--- examples/overrides/association/setup/main.tf | 19 +-- .../overrides/association/setup/outputs.tf | 3 + examples/overrides/association/variables.tf | 5 - examples/overrides/select_all/main.tf | 32 ++--- examples/overrides/select_all/setup/main.tf | 15 +- examples/overrides/select_all/variables.tf | 8 -- examples/overrides/select_image/README.md | 10 -- examples/overrides/select_image/main.tf | 2 +- examples/overrides/select_image/outputs.tf | 14 +- examples/overrides/server_only/README.md | 8 -- examples/overrides/server_only/main.tf | 22 +-- examples/overrides/server_only/outputs.tf | 14 +- examples/region/useast1/README.md | 6 - examples/region/useast1/main.tf | 18 +-- examples/region/useast2/README.md | 6 - examples/region/useast2/main.tf | 23 +-- examples/region/uswest1/README.md | 6 - examples/region/uswest1/main.tf | 20 +-- examples/region/uswest2/main.tf | 11 +- 
examples/securitygroups/egress/README.md | 17 --- examples/securitygroups/egress/main.tf | 22 +-- examples/securitygroups/internal/README.md | 14 -- examples/securitygroups/internal/main.tf | 24 ++-- examples/securitygroups/public/README.md | 18 --- examples/securitygroups/public/main.tf | 22 +-- examples/securitygroups/specific/README.md | 12 -- examples/securitygroups/specific/main.tf | 22 +-- examples/size/large/README.md | 6 - examples/size/large/main.tf | 17 +-- examples/size/medium/README.md | 6 - examples/size/medium/main.tf | 22 +-- examples/size/small/README.md | 6 - examples/size/small/main.tf | 23 +-- examples/size/xl/README.md | 6 - examples/size/xl/main.tf | 24 ++-- examples/size/xxl/README.md | 6 - examples/size/xxl/main.tf | 25 ++-- modules/image/variables.tf | 5 + modules/server/main.tf | 34 +++-- modules/server/variables.tf | 10 +- tests/overrides_test.go | 6 +- 69 files changed, 492 insertions(+), 601 deletions(-) delete mode 100644 examples/basic/basic/README.md delete mode 100644 examples/os/rhel8/README.md delete mode 100644 examples/os/rhel8cis/README.md delete mode 100644 examples/os/rhel9/README.md delete mode 100644 examples/os/rocky8/README.md delete mode 100644 examples/os/sles15/README.md delete mode 100644 examples/os/sles15cis/README.md delete mode 100644 examples/os/ubuntu20/README.md delete mode 100644 examples/os/ubuntu22/README.md delete mode 100644 examples/overrides/select_image/README.md delete mode 100644 examples/overrides/server_only/README.md delete mode 100644 examples/region/useast1/README.md delete mode 100644 examples/region/useast2/README.md delete mode 100644 examples/region/uswest1/README.md delete mode 100644 examples/securitygroups/egress/README.md delete mode 100644 examples/securitygroups/internal/README.md delete mode 100644 examples/securitygroups/public/README.md delete mode 100644 examples/securitygroups/specific/README.md delete mode 100644 examples/size/large/README.md delete mode 100644 
examples/size/medium/README.md delete mode 100644 examples/size/small/README.md delete mode 100644 examples/size/xl/README.md delete mode 100644 examples/size/xxl/README.md
diff --git a/.rcs b/.rcs
index fb07861..58d669d 100644
--- a/.rcs
+++ b/.rcs
@@ -1,2 +1,3 @@
 source ~/.config/aws/default/rc # add personal aws auth vars
+source ~/.config/functions/default/rc # add personal functions
 source ~/.config/alias/default/rc # add personal aliases
\ No newline at end of file
diff --git a/README.md b/README.md
index ab64bc1..50e33ee 100644
--- a/README.md
+++ b/README.md
@@ -1,16 +1,24 @@ # Terraform AWS Server -WARNING! this module is for experimental use only - This module deploys infrastructure in AWS. -This is a "Core Module", it shouldn't contain any nested "independent modules". Please see [terraform.md](./terraform.md) for more information. +## Recent Changes + +1. Servers will no longer deploy a public ip by default. + You can override this by setting up a subnet that automatically deploys public ips. + You can select to have a public IP added to your server with the 'add_public_ip' boolean variable. + - this IP will be an elastic ip so it will cost a little bit extra, but will persist between server rebuilds +2. This module has a lean towards enabling the provisioning of kubernetes clusters, so it has some additional requirements + - the primary network interface's ip should not change even when the server is rebuilt + - this allows us to have a more stable config and easier data recovery options + ## AWS Access The first step to using the AWS modules is having an AWS account, [here](https://docs.aws.amazon.com/accounts/latest/reference/manage-acct-creating.html) is a document describing this process. You will need an API access key id and API secret key, you can get the API keys [following this tutorial](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html#Using_CreateAccessKey). The Terraform AWS provider uses the AWS Go SDK, which allows the use of either environment variables or [config files](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html#cli-configure-files-settings) for authentication. + You do not need the AWS cli to generate the files, just place them in the proper place and Terraform will find and read them. ## Server Types 
@@ -19,35 +27,124 @@ This module provides a pre-chosen set of "types" of servers in order to reduce c The choices are detailed [in the server module](./modules/server/types.tf) and below: ``` - small = { - id = "t3.small", +# storage sizes in GB, using gp3 storage type +locals { + types = { + small = { # minimum required for rke2 control plane node, handles 0-225 agents + id = "t3.medium", cpu = "2", - ram = "2", + ram = "4", storage = "20", }, - medium = { + medium = { # agent node, fits requirements for a database server or a small gaming server id = "m5.large", cpu = "2", ram = "8", storage = "200", }, - large = { + large = { # control plane handling 226-450 agents, also fits requirements for a git server id = "c5.xlarge", cpu = "4", ram = "8", storage = "500", }, - xl = { + xl = { # control plane handling 451-1300 agents, also fits requirements for a large database server, gaming server, or a distributed storage solution id = "t3.xlarge", cpu = "4", ram = "16", storage = "1000", } - xxl = { - id = "t3.2xlarge", + xxl = { # control plane handling 1300+ agents, also fits requirements for a large gaming server, a large database server, or a distributed storage solution + id = "m5.2xlarge", cpu = "8", ram = "32", storage = "2000", + } + } +} +``` + +### Image types + +This module provides a pre-chosen set of "types" of images in order to reduce choice fatigue for the user and streamline testing. +The choices are detailed [in the image module](./modules/image/types.tf) and below: + +``` +locals { + types = { + sles-15 = { + user = "ec2-user", + group = "wheel", + name = "suse-sles-15-sp5-v*-hvm-*", + owner = "amazon", + architecture = "x86_64", + workfolder = "~" + }, + sles-15-cis = { # WARNING! this AMI requires subscription to a service, it is not free + user = "ec2-user", + group = "wheel", + name = "CIS SUSE Linux Enterprise 15*", + owner = "aws-marketplace", + architecture = "x86_64", + workfolder = "~" + }, + rhel-8-cis = { # WARNING! 
this AMI requires subscription to a service, it is not free https://aws.amazon.com/marketplace/server/procurement?productId=ca1fe94d-9237-41c7-8fc8-78b6b0658c9f + user = "ec2-user", + group = "wheel", + name = "CIS Red Hat Enterprise Linux 8 STIG Benchmark*", + owner = "aws-marketplace", + architecture = "x86_64", + workfolder = "/var/tmp" + }, + ubuntu-20 = { # WARNING! you must subscribe and accept the terms to use this image + user = "ubuntu", + group = "admin", + name = "ubuntu/images/hvm-ssd/ubuntu-focal-20.04-*", + owner = "aws-marketplace", + architecture = "x86_64", + workfolder = "~" + }, + ubuntu-22 = { # WARNING! you must subscribe and accept the terms to use this image + user = "ubuntu", + group = "admin", + name = "ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-*", + owner = "aws-marketplace", + architecture = "x86_64", + workfolder = "~" + }, + rocky-8 = { # WARNING! you must subscribe and accept the terms to use this image + user = "ec2-user", + group = "wheel", + name = "Rocky-8-EC2-Base-8*", + owner = "aws-marketplace", + architecture = "x86_64", + workfolder = "~" + }, + # the goal for these search strings is to keep them as stable as possible without specifying a version that is EOL + # our users often rely on extended support from RHEL, so we don't consider odd numbered minors which are inelegible for that + # https://access.redhat.com/support/policy/updates/errata + # therefore the search found here is the most recent even minor that has been released + # expect RHEL 9.4 in June 2024 + rhel-9 = { + user = "ec2-user", + group = "wheel", + name = "RHEL-9.2.*_HVM-*-x86_64-*-Hourly2-GP3", + owner = "amazon", + architecture = "x86_64", + workfolder = "~" + }, + # following the same lines as rhel-9 this will be the most recent even minor that has been released + # expect RHEL 8.10 in June 2024 + rhel-8 = { + user = "ec2-user", + group = "wheel", + name = "RHEL-8.8.*_HVM-*-x86_64-*-Hourly2-GP3", + owner = "amazon", + architecture = "x86_64", + workfolder = 
"~" + }, + } +} ``` @@ -57,7 +154,7 @@ The choices are detailed [in the server module](./modules/server/types.tf) and b The specific use case for the example modules is temporary infrastructure for testing purposes. With that in mind, it is not expected that we manage the resources as a team, therefore the state files are all stored locally. -If you would like to store the state files remotely, add a terraform backend file (`*.name.tfbackend`) to your implementation module. +If you would like to store the state files remotely, add a terraform backend file (`*.name.tfbackend`) to your root module. https://www.terraform.io/language/settings/backends/configuration#file ## Development and Testing @@ -65,11 +162,11 @@ https://www.terraform.io/language/settings/backends/configuration#file ### Paradigms and Expectations Please make sure to read [terraform.md](./terraform.md) to understand the paradigms and expectations that this module has for development. -This is a "Core" module, as such it is not allowed to call other modules, and must only generate resources. ### Environment -It is important to us that all collaborators have the ability to develop in similar environments, so we use tools which enable this as much as possible. +It is important to us that all collaborators have the ability to develop in similar environments, + so we use tools which enable this as much as possible. These tools are not necessary, but they can make it much simpler to collaborate. * I use [nix](https://nixos.org/) that I have installed using [their recommended script](https://nixos.org/download.html#nix-install-macos) 
@@ -80,10 +177,6 @@ These tools are not necessary, but they can make it much simpler to collaborate. * This means that specifying the file to test (as follows) will fail: `go test -v -timeout 40m -parallel 10 basic_test.go` * To run an individual test I navigate to the `tests` directory and run `go test -v -timeout 40m -parallel 10 -run ` * eg. `go test -v -timeout 40m -parallel 10 -run TestBasic` -* I use `override.tf` files to change the values of `examples` to personalized data so that I can run them. - * some examples use variables so that I can dynamically add values in tests -* I store my GitHub credentials in a local file and generate a symlink to them named `~/.config/github/default/rc` - * this will be automatically sourced when you enter the nix environment (and unloaded when you leave) -Our continuous integration tests in the GitHub [ubuntu-latest runner](https://github.com/actions/runner-images/blob/main/images/linux/Ubuntu2204-Readme.md), which has many different things installed and does not rely on Nix. -It also uses a custom role and user which has been set up for it. + +Our continuous integration tests in the GitHub [ubuntu-latest runner](https://github.com/actions/runner-images/blob/main/images/linux/Ubuntu2204-Readme.md). It is free for public repositories, we use Nix to add dependencies to it for building and testing. diff --git a/examples/basic/basic/README.md b/examples/basic/basic/README.md deleted file mode 100644 index b791eac..0000000 --- a/examples/basic/basic/README.md +++ /dev/null @@ -1,6 +0,0 @@ -# Basic Example - -This is an example of using this module to deploy a small sles15 server on AWS. - -This example has been validated using [Terratest](https://terratest.gruntwork.io/), a Go sdk and test suite for Terraform. -If you would like to test this example go to the ./tests directory and run the test with `go test -v basic_test.go`. diff --git a/examples/basic/basic/main.tf b/examples/basic/basic/main.tf index bd113b0..5a16a2c 100644 
--- a/examples/basic/basic/main.tf +++ b/examples/basic/basic/main.tf @@ -11,30 +11,29 @@ locals { category = "basic" example = "basic" email = "terraform-ci@suse.com" - name = "tf-aws-server-${local.category}-${local.example}-${local.identifier}" + name = "tf-${local.category}-${local.example}-${local.identifier}" username = "tf-${local.identifier}" key_name = var.key_name image = "sles-15" - public_ssh_key = var.key # I don't normally recommend this, but it allows tests to supply their own key - # A lot of troubleshooting during critical times can be saved by hard coding variables in root modules - # root modules should be secured properly (including the state), and should represent your running infrastructure + public_ssh_key = var.key } -# selecting the vpc, subnet, and ssh key pair, generating a security group specific to the runner -module "aws_access" { +module "access" { source = "rancher/access/aws" version = "v1.1.1" owner = local.email - vpc_name = "default" - subnet_name = "default" + vpc_name = local.name + vpc_cidr = "10.0.255.0/24" # gives 256 usable addresses from .1 to .254, but AWS reserves .1 to .4 and .255, leaving .5 to .254 + subnet_name = local.name + subnet_cidr = "10.0.255.224/28" # gives 14 usable addresses from .225 to .238, but AWS reserves .225 to .227 and .238, leaving .227 to .237 security_group_name = local.name security_group_type = "specific" ssh_key_name = local.key_name } -module "TestBasic" { +module "this" { depends_on = [ - module.aws_access, + module.access, ] source = "../../../" # change this to "rancher/server/aws" per https://registry.terraform.io/modules/rancher/server/aws/latest # version = "v0.0.15" # when using this example you will need to set the version 
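Review bot: The comment on the new `subnet_cidr` line contradicts itself: it says AWS reserves .225 to .227 and then lists .227 as still usable. A /28 at 10.0.255.224 spans .224–.239; AWS reserves the first four addresses (.224–.227) and the last (.239), leaving .228–.238, eleven hosts, and the `vpc_cidr` comment has the same shape of problem (the /24 holds 256 addresses, .0–.3 and .255 are reserved, .4–.254 are usable). The same two comments are pasted into the noscripts, privateip, publicip, rhel8, rhel8cis, rhel9 and rocky8 hunks, so one corrected wording can be copied everywhere: `subnet_cidr = "10.0.255.224/28" # .224-.239; AWS reserves the first four (.224-.227) and the last (.239), leaving .228-.238 usable`. Since every example now hard-codes the same two CIDRs, keeping them (and the reservation note) in one shared place would stop the arithmetic drifting again.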
@@ -45,7 +44,8 @@ module "TestBasic" {
 user = local.username
 ssh_key = local.public_ssh_key
 ssh_key_name = local.key_name
- subnet_name = "default"
- security_group_name = local.name # WARNING: security_group.name isn't the same as security_group->tags->Name
+ subnet_name = local.name
+ security_group_name = local.name
+ add_public_ip = true
 cloudinit_timeout = "6"
 }
diff --git a/examples/basic/basic/outputs.tf b/examples/basic/basic/outputs.tf
index 8a9938c..21610b4 100644
--- a/examples/basic/basic/outputs.tf
+++ b/examples/basic/basic/outputs.tf
@@ -1,4 +1,4 @@
 output "user_data" {
- value = module.TestBasic.user_data
+ value = module.this.user_data
 sensitive = true
 }
\ No newline at end of file
diff --git a/examples/basic/noaccess/main.tf b/examples/basic/noaccess/main.tf
index 4b0186d..32e359b 100644
--- a/examples/basic/noaccess/main.tf
+++ b/examples/basic/noaccess/main.tf
@@ -16,7 +16,7 @@ locals {
 }
 # selecting the vpc, subnet, and ssh key pair, generating a security group specific to the runner
-module "aws_access" {
+module "access" {
 source = "rancher/access/aws"
 version = "v1.1.1"
 owner = local.email
@@ -33,7 +33,7 @@ module "aws_access" {
 # we are expecting the server to not get a public ip, preventing outside access
 module "this" {
 depends_on = [
- module.aws_access,
+ module.access,
 ]
 source = "../../../" # change this to "rancher/server/aws" per https://registry.terraform.io/modules/rancher/server/aws/latest
 # version = "v0.0.15" # when using this example you will need to set the version
diff --git a/examples/basic/noaccess/variables.tf b/examples/basic/noaccess/variables.tf
index d125822..e960ce9 100644
--- a/examples/basic/noaccess/variables.tf
+++ b/examples/basic/noaccess/variables.tf
@@ -1,11 +1,3 @@
-variable "key" {
- type = string
-
-}
-variable "key_name" {
- type = string
-
-}
 variable "identifier" {
 type = string
 }
diff --git a/examples/basic/noscripts/main.tf b/examples/basic/noscripts/main.tf
index 1eefecf..afb307b 100644
--- a/examples/basic/noscripts/main.tf +++ b/examples/basic/noscripts/main.tf @@ -11,30 +11,29 @@ locals { category = "basic" example = "noscripts" email = "terraform-ci@suse.com" - name = "tf-aws-server-${local.category}-${local.example}-${local.identifier}" + name = "tf-${local.category}-${local.example}-${local.identifier}" username = "tf-${local.identifier}" key_name = var.key_name image = "sles-15" - public_ssh_key = var.key # I don't normally recommend this, but it allows tests to supply their own key - # A lot of troubleshooting during critical times can be saved by hard coding variables in root modules - # root modules should be secured properly (including the state), and should represent your running infrastructure + public_ssh_key = var.key } -# selecting the vpc, subnet, and ssh key pair, generating a security group specific to the runner -module "aws_access" { +module "access" { source = "rancher/access/aws" version = "v1.1.1" owner = local.email - vpc_name = "default" - subnet_name = "default" + vpc_name = local.name + vpc_cidr = "10.0.255.0/24" # gives 256 usable addresses from .1 to .254, but AWS reserves .1 to .4 and .255, leaving .5 to .254 + subnet_name = local.name + subnet_cidr = "10.0.255.224/28" # gives 14 usable addresses from .225 to .238, but AWS reserves .225 to .227 and .238, leaving .227 to .237 security_group_name = local.name security_group_type = "specific" - ssh_key_name = local.key_name + skip_ssh = true } module "this" { depends_on = [ - module.aws_access, + module.access, ] source = "../../../" # change this to "rancher/server/aws" per https://registry.terraform.io/modules/rancher/server/aws/latest # version = "v0.0.15" # when using this example you will need to set the version 
@@ -45,7 +44,7 @@ module "this" { user = local.username ssh_key = local.public_ssh_key ssh_key_name = local.key_name - subnet_name = "default" + subnet_name = local.name security_group_name = local.name # WARNING: security_group.name isn't the same as security_group->tags->Name cloudinit_timeout = "6" disable_scripts = true # disable running scripts on the server diff --git a/examples/basic/privateip/main.tf b/examples/basic/privateip/main.tf index 4510b01..6860a11 100644 --- a/examples/basic/privateip/main.tf +++ b/examples/basic/privateip/main.tf @@ -16,16 +16,14 @@ locals { subnet_cidr = "10.0.255.224/28" # gives 14 usable addresses from .225 to .238, but AWS reserves .225 to .227 and .238, leaving .228 to .237 } -# selecting the vpc, subnet, and ssh key pair, generating a security group specific to the runner -module "aws_access" { +module "access" { source = "rancher/access/aws" version = "v1.1.1" owner = local.email vpc_name = local.name - vpc_cidr = "10.0.255.0/24" # gives 255 usable addresses from .1 to .255, but AWS reserves .1 to .4 and .255, leaving .5 to .254 + vpc_cidr = "10.0.255.0/24" # gives 256 usable addresses from .1 to .254, but AWS reserves .1 to .4 and .255, leaving .5 to .254 subnet_name = local.name - subnet_cidr = local.subnet_cidr - availability_zone = "us-west-1b" # check what availability zones are available in your region before setting this + subnet_cidr = "10.0.255.224/28" # gives 14 usable addresses from .225 to .238, but AWS reserves .225 to .227 and .238, leaving .227 to .237 security_group_name = local.name security_group_type = "internal" skip_ssh = true 
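Review bot: Replacing `subnet_cidr = local.subnet_cidr` with the literal `"10.0.255.224/28"` leaves the same CIDR defined twice in privateip/main.tf: the locals block still declares `subnet_cidr` (the first context line of the hunk), and `private_ip = cidrhost(local.subnet_cidr, -3)` in the following hunk derives the server's address from that local. If either copy is edited later the static address can land outside the subnet the server is placed in, which only surfaces at apply time. Keeping `subnet_cidr = local.subnet_cidr` here and putting the reservation comment on the local avoids that; the publicip hunk further down has the identical duplication.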
@@ -34,7 +32,7 @@ module "aws_access" {
 # we are expecting the server to not get a public ip, preventing outside access
 module "this" {
 depends_on = [
- module.aws_access,
+ module.access,
 ]
 source = "../../../" # change this to "rancher/server/aws" per https://registry.terraform.io/modules/rancher/server/aws/latest
 # version = "v0.0.15" # when using this example you will need to set the version
@@ -45,7 +43,7 @@ module "this" {
 user = local.username
 subnet_name = local.name
 security_group_name = local.name
- private_ip = cidrhost(local.subnet_cidr, -2) # get next to last ip from cidr, should be 10.0.255.254
+ private_ip = cidrhost(local.subnet_cidr, -3) # get third to last ip from cidr, should be 10.0.255.236
 cloudinit_timeout = "6"
 skip_key = true # don't associate an ssh key to the server
 # the config automatically disables scripts when not assigning an ssh key
diff --git a/examples/basic/privateip/variables.tf b/examples/basic/privateip/variables.tf
index d125822..e960ce9 100644
--- a/examples/basic/privateip/variables.tf
+++ b/examples/basic/privateip/variables.tf
@@ -1,11 +1,3 @@
-variable "key" {
- type = string
-
-}
-variable "key_name" {
- type = string
-
-}
 variable "identifier" {
 type = string
 }
diff --git a/examples/basic/publicip/main.tf b/examples/basic/publicip/main.tf
index dcd0aa6..1728108 100644
--- a/examples/basic/publicip/main.tf
+++ b/examples/basic/publicip/main.tf
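Review bot: The comment on the new `private_ip` line names the wrong address: `local.subnet_cidr` is `10.0.255.224/28`, whose last address is .239, so `cidrhost(..., -1)` is .239, `-2` is .238 and `-3` is .237, not .236 (the removed line's "10.0.255.254" was also wrong, since the local is the /28 rather than the /24). Because AWS reserves only the first four and the last address of a subnet, .238 would have been usable as well, but -3 is fine provided the comment matches: `private_ip = cidrhost(local.subnet_cidr, -3) # third from last address in the subnet, 10.0.255.237`. The publicip hunk below carries the same comment and needs the same correction.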
@@ -16,16 +16,14 @@ locals { subnet_cidr = "10.0.255.224/28" # gives 14 usable addresses from .225 to .238, but AWS reserves .225 to .227 and .238, leaving .228 to .237 } -# selecting the vpc, subnet, and ssh key pair, generating a security group specific to the runner -module "aws_access" { +module "access" { source = "rancher/access/aws" version = "v1.1.1" owner = local.email vpc_name = local.name - vpc_cidr = "10.0.255.0/24" # gives 255 usable addresses from .1 to .255, but AWS reserves .1 to .4 and .255, leaving .5 to .254 + vpc_cidr = "10.0.255.0/24" # gives 256 usable addresses from .1 to .254, but AWS reserves .1 to .4 and .255, leaving .5 to .254 subnet_name = local.name - subnet_cidr = local.subnet_cidr - availability_zone = "us-west-1b" # check what availability zones are available in your region before setting this + subnet_cidr = "10.0.255.224/28" # gives 14 usable addresses from .225 to .238, but AWS reserves .225 to .227 and .238, leaving .227 to .237 security_group_name = local.name security_group_type = "internal" skip_ssh = true @@ -34,7 +32,7 @@ module "aws_access" { # we are expecting the server to not get a public ip, preventing outside access module "this" { depends_on = [ - module.aws_access, + module.access, ] source = "../../../" # change this to "rancher/server/aws" per https://registry.terraform.io/modules/rancher/server/aws/latest # version = "v0.0.15" # when using this example you will need to set the version @@ -45,7 +43,7 @@ module "this" { user = local.username subnet_name = local.name security_group_name = local.name - private_ip = cidrhost(local.subnet_cidr, -2) # get next to last ip from cidr, should be 10.0.255.254 + private_ip = cidrhost(local.subnet_cidr, -3) # get third to last ip from cidr, should be 10.0.255.236 add_public_ip = true ssh_key = var.key ssh_key_name = var.key_name diff --git a/examples/os/rhel8/README.md b/examples/os/rhel8/README.md deleted file mode 100644 index 4f7a652..0000000 
--- a/examples/os/rhel8/README.md +++ /dev/null @@ -1,6 +0,0 @@ -# RHEL8 Example - -This is an example of using this module to deploy a small rhel8 server on AWS. - -This example has been validated using [Terratest](https://terratest.gruntwork.io/), a Go sdk and test suite for Terraform. -If you would like to test this example go to the ./tests directory and run the test with `go test os_test.go` or `go test -v -run TestRhel8`. diff --git a/examples/os/rhel8/main.tf b/examples/os/rhel8/main.tf index cc50c6e..18487ed 100644 --- a/examples/os/rhel8/main.tf +++ b/examples/os/rhel8/main.tf 
@@ -11,31 +11,31 @@ locals { category = "os" example = "rhel8" email = "terraform-ci@suse.com" - name = "tf-aws-server-${local.category}-${local.example}-${local.identifier}" - username = "tf-ci-${local.identifier}" + name = "tf-${local.category}-${local.example}-${local.identifier}" + username = "tf-${local.identifier}" image = "rhel-8" - public_ssh_key = var.key # I don't normally recommend this, but it allows tests to supply their own key - key_name = var.key_name # A lot of time troubleshooting during critical times can be saved by hard coding variables in root modules - # root modules should be secured properly (including the state), and should represent your running infrastructure + public_ssh_key = var.key + key_name = var.key_name } -# selecting the vpc, subnet, and ssh key pair, generating a security group specific to the runner -module "aws_access" { +module "access" { source = "rancher/access/aws" version = "v1.1.1" owner = local.email - vpc_name = "default" - subnet_name = "default" + vpc_name = local.name + vpc_cidr = "10.0.255.0/24" # gives 256 usable addresses from .1 to .254, but AWS reserves .1 to .4 and .255, leaving .5 to .254 + subnet_name = local.name + subnet_cidr = "10.0.255.224/28" # gives 14 usable addresses from .225 to .238, but AWS reserves .225 to .227 and .238, leaving .227 to .237 security_group_name = local.name security_group_type = "specific" - ssh_key_name = local.key_name + skip_ssh = true } # aws_access returns a security group object from the aws api, but the name attribute isn't the same as the Name tag # this is an rare example of when the name attribute is different than the Name tag -module "TestRhel8" { +module "this" { depends_on = [ - module.aws_access, + module.access, ] source = "../../../" # change this to "rancher/server/aws" per https://registry.terraform.io/modules/rancher/server/aws/latest # version = "v0.0.15" # when using this example you will need to set the version 
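Review bot: The context comment `# aws_access returns a security group object from the aws api` still refers to the module as `aws_access` after this hunk renames it to `access`, so it now points at a name that no longer exists in the file; the same stale comment sits above `module "this"` in the rhel8cis, rhel9 and rocky8 hunks. Suggested: `# module.access returns a security group object from the aws api, but the name attribute isn't the same as the Name tag`. Separately, this example sets `skip_ssh = true` on the access module whereas basic keeps `ssh_key_name = local.key_name` there, yet both still pass `ssh_key_name` to the server module (outside this hunk); I can't tell from the diff which module is expected to own the key pair in each case, so a one-line comment on the `skip_ssh` line explaining why the os examples differ from basic would save the next reader a trip through the access module.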
@@ -46,6 +46,7 @@ module "TestRhel8" {
 user = local.username
 ssh_key = local.public_ssh_key
 ssh_key_name = local.key_name
- subnet_name = "default"
+ add_public_ip = true
+ subnet_name = local.name
 security_group_name = local.name # WARNING: security_group.name isn't the same as security_group->tags->Name
 }
diff --git a/examples/os/rhel8cis/README.md b/examples/os/rhel8cis/README.md
deleted file mode 100644
index 04d80bd..0000000
--- a/examples/os/rhel8cis/README.md
+++ /dev/null
@@ -1,11 +0,0 @@
-# Basic CIS Example
-
-This is an example of using this module to deploy a small rhel 8 server using the CIS provided STIG Benchmarked image on AWS.
-
-WARNING! This image requires a subscription and will cost a bit extra.
-
-The only way I could find to subscribe was to login to the EC2 console and apply here:
-https://aws.amazon.com/marketplace/seller-profile?id=dfa1e6a8-0b7b-4d35-a59c-ce272caee4fc&ref_=beagle
-
-This example has been validated using [Terratest](https://terratest.gruntwork.io/), a Go sdk and test suite for Terraform.
-If you would like to test this example go to the ./tests directory and run the test with `go test -v -parallel=10 -timeout=20m -run=TestRhel8Cis`.
diff --git a/examples/os/rhel8cis/main.tf b/examples/os/rhel8cis/main.tf
index dc7c95a..63c8131 100644
--- a/examples/os/rhel8cis/main.tf
+++ b/examples/os/rhel8cis/main.tf
@@ -14,28 +14,28 @@ locals { name = "tf-aws-server-${local.category}-${local.example}-${local.identifier}" username = "tf-${local.identifier}" image = "rhel-8-cis" # https://github.com/rancher/terraform-aws-server/blob/main/modules/image/types.tf - public_ssh_key = var.key # I don't normally recommend this, but it allows tests to supply their own key - key_name = var.key_name # A lot of time troubleshooting during critical times can be saved by hard coding variables in root modules - # root modules should be secured properly (including the state), and should represent your running infrastructure + public_ssh_key = var.key + key_name = var.key_name } -# selecting the vpc, subnet, and ssh key pair, generating a security group specific to the runner -module "aws_access" { +module "access" { source = "rancher/access/aws" version = "v1.1.1" owner = local.email - vpc_name = "default" - subnet_name = "default" + vpc_name = local.name + vpc_cidr = "10.0.255.0/24" # gives 256 usable addresses from .1 to .254, but AWS reserves .1 to .4 and .255, leaving .5 to .254 + subnet_name = local.name + subnet_cidr = "10.0.255.224/28" # gives 14 usable addresses from .225 to .238, but AWS reserves .225 to .227 and .238, leaving .227 to .237 security_group_name = local.name security_group_type = "specific" - ssh_key_name = local.key_name + skip_ssh = true } # aws_access returns a security group object from the aws api, but the name attribute isn't the same as the Name tag # this is an rare example of when the name attribute is different than the Name tag -module "TestRhel8Cis" { +module "this" { depends_on = [ - module.aws_access, + module.access, ] source = "../../../" # change this to "rancher/server/aws" per https://registry.terraform.io/modules/rancher/server/aws/latest # version = "v0.0.15" # when using this example you will need to set the version 
@@ -46,6 +46,6 @@ module "TestRhel8Cis" {
 user = local.username
 ssh_key = local.public_ssh_key
 ssh_key_name = local.key_name
- subnet_name = "default"
+ subnet_name = local.name
 security_group_name = local.name # WARNING: security_group.name isn't the same as security_group->tags->Name
 }
diff --git a/examples/os/rhel9/README.md b/examples/os/rhel9/README.md
deleted file mode 100644
index f05c07a..0000000
--- a/examples/os/rhel9/README.md
+++ /dev/null
@@ -1,6 +0,0 @@
-# RHEL9 Example
-
-This is an example of using this module to deploy a small rhel8 server on AWS.
-
-This example has been validated using [Terratest](https://terratest.gruntwork.io/), a Go sdk and test suite for Terraform.
-If you would like to test this example go to the ./tests directory and run the test with `go test -v -parallel=10 -timeout=20m -run=TestRhel9`.
diff --git a/examples/os/rhel9/main.tf b/examples/os/rhel9/main.tf
index 2b8036b..a5ab48d 100644
--- a/examples/os/rhel9/main.tf
+++ b/examples/os/rhel9/main.tf
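Review bot: This hunk moves the rhel8cis server onto the new non-default subnet but, unlike the rhel8 hunk above, does not add `add_public_ip = true`, and the README in this same commit states that servers no longer receive a public IP by default, so this server will only have its private address. If the test reaches the host over SSH with the `ssh_key` passed just above, it will no longer be able to connect; if the CIS example is intentionally unreachable from outside, a comment on the `subnet_name` line saying so would make the difference from rhel8 deliberate rather than accidental. The rhel9 hunk below has the same omission.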
@@ -14,28 +14,28 @@ locals { name = "tf-aws-server-${local.category}-${local.example}-${local.identifier}" username = "tf-ci-${local.identifier}" image = "rhel-9" - public_ssh_key = var.key # I don't normally recommend this, but it allows tests to supply their own key - key_name = var.key_name # A lot of time troubleshooting during critical times can be saved by hard coding variables in root modules - # root modules should be secured properly (including the state), and should represent your running infrastructure + public_ssh_key = var.key + key_name = var.key_name } -# selecting the vpc, subnet, and ssh key pair, generating a security group specific to the runner -module "aws_access" { +module "access" { source = "rancher/access/aws" version = "v1.1.1" owner = local.email - vpc_name = "default" - subnet_name = "default" + vpc_name = local.name + vpc_cidr = "10.0.255.0/24" # gives 256 usable addresses from .1 to .254, but AWS reserves .1 to .4 and .255, leaving .5 to .254 + subnet_name = local.name + subnet_cidr = "10.0.255.224/28" # gives 14 usable addresses from .225 to .238, but AWS reserves .225 to .227 and .238, leaving .227 to .237 security_group_name = local.name security_group_type = "specific" - ssh_key_name = local.key_name + skip_ssh = true } # aws_access returns a security group object from the aws api, but the name attribute isn't the same as the Name tag # this is an rare example of when the name attribute is different than the Name tag -module "TestRhel9" { +module "this" { depends_on = [ - module.aws_access, + module.access, ] source = "../../../" # change this to "rancher/server/aws" per https://registry.terraform.io/modules/rancher/server/aws/latest # version = "v0.0.15" # when using this example you will need to set the version 
@@ -46,6 +46,6 @@ module "TestRhel9" {
 user = local.username
 ssh_key = local.public_ssh_key
 ssh_key_name = local.key_name
- subnet_name = "default"
+ subnet_name = local.name
 security_group_name = local.name # WARNING: security_group.name isn't the same as security_group->tags->Name
 }
diff --git a/examples/os/rocky8/README.md b/examples/os/rocky8/README.md
deleted file mode 100644
index 22132fd..0000000
--- a/examples/os/rocky8/README.md
+++ /dev/null
@@ -1,6 +0,0 @@
-# Rocky8 Example
-
-This is an example of using this module to deploy a small rocky-8 server on AWS.
-
-This example has been validated using [Terratest](https://terratest.gruntwork.io/), a Go sdk and test suite for Terraform.
-If you would like to test this example go to the ./tests directory and run the test with `go test -v -run TestRocky8`.
diff --git a/examples/os/rocky8/main.tf b/examples/os/rocky8/main.tf
index 73e634f..3674b0f 100644
--- a/examples/os/rocky8/main.tf
+++ b/examples/os/rocky8/main.tf
@@ -14,29 +14,28 @@ locals { name = "tf-aws-server-test-${local.category}-${local.example}-${local.identifier}" username = "tf-ci-${local.identifier}" image = "rocky-8" - public_ssh_key = var.key # I don't normally recommend this, but it allows tests to supply their own key - key_name = var.key_name # A lot of time troubleshooting during critical times can be saved by hard coding variables in root modules - # root modules should be secured properly (including the state), and should represent your running infrastructure + public_ssh_key = var.key + key_name = var.key_name } -# selecting the vpc, subnet, and ssh key pair, generating a security group specific to the runner - -module "aws_access" { +module "access" { source = "rancher/access/aws" version = "v1.1.1" owner = local.email - vpc_name = "default" - subnet_name = "default" + vpc_name = local.name + vpc_cidr = "10.0.255.0/24" # gives 256 usable addresses from .1 to .254, but AWS reserves .1 to .4 and .255, leaving .5 to .254 + subnet_name = local.name + subnet_cidr = "10.0.255.224/28" # gives 14 usable addresses from .225 to .238, but AWS reserves .225 to .227 and .238, leaving .227 to .237 security_group_name = local.name security_group_type = "specific" - ssh_key_name = local.key_name + skip_ssh = true } # aws_access returns a security group object from the aws api, but the name attribute isn't the same as the Name tag # this is an rare example of when the name attribute is different than the Name tag -module "TestRocky8" { +module "this" { depends_on = [ - module.aws_access, + module.access, ] source = "../../../" # change this to "rancher/server/aws" per https://registry.terraform.io/modules/rancher/server/aws/latest # version = "v0.0.15" # when using this example you will need to set the version 
@@ -47,6 +46,6 @@ module "TestRocky8" {
 user = local.username
 ssh_key = local.public_ssh_key
 ssh_key_name = local.key_name
- subnet_name = "default"
+ subnet_name = local.name
 security_group_name = local.name # WARNING: security_group.name isn't the same as security_group->tags->Name
 }
diff --git a/examples/os/sles15/README.md b/examples/os/sles15/README.md
deleted file mode 100644
index 1415275..0000000
--- a/examples/os/sles15/README.md
+++ /dev/null
@@ -1,6 +0,0 @@
-# SLES15 Example
-
-This is an example of using this module to deploy a small sles-15 server on AWS.
-
-This example has been validated using [Terratest](https://terratest.gruntwork.io/), a Go sdk and test suite for Terraform.
-If you would like to test this example go to the ./tests directory and run the test with `go test -v -run TestSles15`.
diff --git a/examples/os/sles15/main.tf b/examples/os/sles15/main.tf
index 286ca14..8fbc8f4 100644
--- a/examples/os/sles15/main.tf
+++ b/examples/os/sles15/main.tf
@@ -14,28 +14,28 @@ locals { name = "tf-aws-server-${local.category}-${local.example}-${local.identifier}" username = "tf-ci-${local.identifier}" image = "sles-15" - public_ssh_key = var.key # I don't normally recommend this, but it allows tests to supply their own key - key_name = var.key_name # A lot of time troubleshooting during critical times can be saved by hard coding variables in root modules - # root modules should be secured properly (including the state), and should represent your running infrastructure + public_ssh_key = var.key + key_name = var.key_name } -# selecting the vpc, subnet, and ssh key pair, generating a security group specific to the runner -module "aws_access" { +module "access" { source = "rancher/access/aws" version = "v1.1.1" owner = local.email - vpc_name = "default" - subnet_name = "default" + vpc_name = local.name + vpc_cidr = "10.0.255.0/24" # gives 256 usable addresses from .1 to .254, but AWS reserves .1 to .4 and .255, leaving .5 to .254 + subnet_name = local.name + subnet_cidr = "10.0.255.224/28" # gives 14 usable addresses from .225 to .238, but AWS reserves .225 to .227 and .238, leaving .227 to .237 security_group_name = local.name security_group_type = "specific" - ssh_key_name = local.key_name + skip_ssh = true } # aws_access returns a security group object from the aws api, but the name attribute isn't the same as the Name tag # this is an rare example of when the name attribute is different than the Name tag -module "TestSles15" { +module "this" { depends_on = [ - module.aws_access, + module.access, ] source = "../../../" # change this to "rancher/server/aws" per https://registry.terraform.io/modules/rancher/server/aws/latest # version = "v0.0.15" # when using this example you will need to set the version 
@@ -46,6 +46,6 @@ module "TestSles15" {
 user = local.username
 ssh_key = local.public_ssh_key
 ssh_key_name = local.key_name
- subnet_name = "default"
+ subnet_name = local.name
 security_group_name = local.name # WARNING: security_group.name isn't the same as security_group->tags->Name
 }
diff --git a/examples/os/sles15cis/README.md b/examples/os/sles15cis/README.md
deleted file mode 100644
index 5a0ea04..0000000
--- a/examples/os/sles15cis/README.md
+++ /dev/null
@@ -1,11 +0,0 @@
-# Basic CIS Example
-
-This is an example of using this module to deploy a small sles15 server using the CIS Benchmark Level 1 approved image on AWS.
-
-WARNING! This image requires a subscription and will cost a bit extra.
-
-The only way I could find to subscribe was to login to the EC2 console and apply here:
-https://aws.amazon.com/marketplace/seller-profile?id=dfa1e6a8-0b7b-4d35-a59c-ce272caee4fc&ref_=beagle
-
-This example has been validated using [Terratest](https://terratest.gruntwork.io/), a Go sdk and test suite for Terraform.
-If you would like to test this example go to the ./tests directory and run the test with `go test -v -parallel=10 -timeout=20m -run=TestSles15Cis`.
diff --git a/examples/os/sles15cis/main.tf b/examples/os/sles15cis/main.tf
index 65c192d..dfc85bd 100644
--- a/examples/os/sles15cis/main.tf
+++ b/examples/os/sles15cis/main.tf
@@ -14,28 +14,28 @@ locals { name = "tf-aws-server-${local.category}-${local.example}-${local.identifier}" username = "tf-ci-${local.identifier}" image = "sles-15-cis" - public_ssh_key = var.key # I don't normally recommend this, but it allows tests to supply their own key - key_name = var.key_name # A lot of time troubleshooting during critical times can be saved by hard coding variables in root modules - # root modules should be secured properly (including the state), and should represent your running infrastructure + public_ssh_key = var.key + key_name = var.key_name } -# selecting the vpc, subnet, and ssh key pair, generating a security group specific to the runner -module "aws_access" { +module "access" { source = "rancher/access/aws" version = "v1.1.1" owner = local.email - vpc_name = "default" - subnet_name = "default" + vpc_name = local.name + vpc_cidr = "10.0.255.0/24" # gives 256 usable addresses from .1 to .254, but AWS reserves .1 to .4 and .255, leaving .5 to .254 + subnet_name = local.name + subnet_cidr = "10.0.255.224/28" # gives 14 usable addresses from .225 to .238, but AWS reserves .225 to .227 and .238, leaving .227 to .237 security_group_name = local.name security_group_type = "specific" - ssh_key_name = local.key_name + skip_ssh = true } # aws_access returns a security group object from the aws api, but the name attribute isn't the same as the Name tag # this is an rare example of when the name attribute is different than the Name tag -module "TestSles15Cis" { +module "this" { depends_on = [ - module.aws_access, + module.access, ] source = "../../../" # change this to "rancher/server/aws" per https://registry.terraform.io/modules/rancher/server/aws/latest # version = "v0.0.15" # when using this example you will need to set the version 
@@ -46,6 +46,6 @@ module "TestSles15Cis" {
 user = local.username
 ssh_key = local.public_ssh_key
 ssh_key_name = local.key_name
- subnet_name = "default"
+ subnet_name = local.name
 security_group_name = local.name # WARNING: security_group.name isn't the same as security_group->tags->Name
 }
diff --git a/examples/os/ubuntu20/README.md b/examples/os/ubuntu20/README.md
deleted file mode 100644
index aad255c..0000000
--- a/examples/os/ubuntu20/README.md
+++ /dev/null
@@ -1,6 +0,0 @@
-# Ubuntu 20 Example
-
-This is an example of using this module to deploy a small ubuntu-20 server on AWS.
-
-This example has been validated using [Terratest](https://terratest.gruntwork.io/), a Go sdk and test suite for Terraform.
-If you would like to test this example go to the ./tests directory and run the test with `go test -v -run TestUbuntu20`.
diff --git a/examples/os/ubuntu20/main.tf b/examples/os/ubuntu20/main.tf
index 0ac9f10..fd492c2 100644
--- a/examples/os/ubuntu20/main.tf
+++ b/examples/os/ubuntu20/main.tf
@@ -14,27 +14,28 @@ locals { name = "tf-aws-server-test-${local.category}-${local.example}-${local.identifier}" username = "tf-ci-${local.identifier}" image = "ubuntu-20" - public_ssh_key = var.key # I don't normally recommend this, but it allows tests to supply their own key - key_name = var.key_name # A lot of time troubleshooting during critical times can be saved by hard coding variables in root modules - # root modules should be secured properly (including the state), and should represent your running infrastructure + public_ssh_key = var.key + key_name = var.key_name } -# selecting the vpc, subnet, and ssh key pair, generating a security group specific to the runner -module "aws_access" { + +module "access" { source = "rancher/access/aws" version = "v1.1.1" owner = local.email - vpc_name = "default" - subnet_name = "default" + vpc_name = local.name + vpc_cidr = "10.0.255.0/24" # gives 256 usable addresses from .1 to .254, but AWS reserves .1 to .4 and .255, leaving .5 to .254 + subnet_name = local.name + subnet_cidr = "10.0.255.224/28" # gives 14 usable addresses from .225 to .238, but AWS reserves .225 to .227 and .238, leaving .227 to .237 security_group_name = local.name security_group_type = "specific" - ssh_key_name = local.key_name + skip_ssh = true } # aws_access returns a security group object from the aws api, but the name attribute isn't the same as the Name tag # this is an rare example of when the name attribute is different than the Name tag -module "TestUbuntu20" { +module "this" { depends_on = [ - module.aws_access, + module.access, ] source = "../../../" # change this to "rancher/server/aws" per https://registry.terraform.io/modules/rancher/server/aws/latest # version = "v0.0.15" # when using this example you will need to set the version 
@@ -45,6 +46,6 @@ module "TestUbuntu20" {
 user = local.username
 ssh_key = local.public_ssh_key
 ssh_key_name = local.key_name
- subnet_name = "default"
+ subnet_name = local.name
 security_group_name = local.name # WARNING: security_group.name isn't the same as security_group->tags->Name
 }
diff --git a/examples/os/ubuntu22/README.md b/examples/os/ubuntu22/README.md
deleted file mode 100644
index 978dbb7..0000000
--- a/examples/os/ubuntu22/README.md
+++ /dev/null
@@ -1,6 +0,0 @@
-# Ubuntu 22 Example
-
-This is an example of using this module to deploy a small ubuntu-22 server on AWS.
-
-This example has been validated using [Terratest](https://terratest.gruntwork.io/), a Go sdk and test suite for Terraform.
-If you would like to test this example go to the ./tests directory and run the test with `go test -v -run TestUbuntu22`.
diff --git a/examples/os/ubuntu22/main.tf b/examples/os/ubuntu22/main.tf
index 4ea94c2..5b997f6 100644
--- a/examples/os/ubuntu22/main.tf
+++ b/examples/os/ubuntu22/main.tf
@@ -14,28 +14,28 @@ locals { name = "tf-aws-server-test-${local.category}-${local.example}-${local.identifier}" username = "tf-ci-${local.identifier}" image = "ubuntu-22" - public_ssh_key = var.key # I don't normally recommend this, but it allows tests to supply their own key - key_name = var.key_name # A lot of time troubleshooting during critical times can be saved by hard coding variables in root modules - # root modules should be secured properly (including the state), and should represent your running infrastructure + public_ssh_key = var.key + key_name = var.key_name } -# selecting the vpc, subnet, and ssh key pair, generating a security group specific to the runner -module "aws_access" { +module "access" { source = "rancher/access/aws" version = "v1.1.1" owner = local.email - vpc_name = "default" - subnet_name = "default" + vpc_name = local.name + vpc_cidr = "10.0.255.0/24" # gives 256 usable addresses from .1 to .254, but AWS reserves .1 to .4 and .255, leaving .5 to .254 + subnet_name = local.name + subnet_cidr = "10.0.255.224/28" # gives 14 usable addresses from .225 to .238, but AWS reserves .225 to .227 and .238, leaving .227 to .237 security_group_name = local.name security_group_type = "specific" - ssh_key_name = local.key_name + skip_ssh = true } # aws_access returns a security group object from the aws api, but the name attribute isn't the same as the Name tag # this is an rare example of when the name attribute is different than the Name tag -module "TestUbuntu22" { +module "this" { depends_on = [ - module.aws_access, + module.access, ] source = "../../../" # change this to "rancher/server/aws" per https://registry.terraform.io/modules/rancher/server/aws/latest # version = "v0.0.15" # when using this example you will need to set the version 
@@ -46,6 +46,6 @@ module "TestUbuntu22" { user = local.username ssh_key = local.public_ssh_key ssh_key_name = local.key_name - subnet_name = "default" + subnet_name = local.name security_group_name = local.name # WARNING: security_group.name isn't the same as security_group->tags->Name } diff --git a/examples/overrides/association/main.tf b/examples/overrides/association/main.tf index bb89736..e428830 100644 --- a/examples/overrides/association/main.tf +++ b/examples/overrides/association/main.tf @@ -7,25 +7,23 @@ provider "aws" { } locals { - identifier = var.identifier # this is a random unique string that can be used to identify resources in the cloud provider - category = "overrides" - example = "association" - email = "terraform-ci@suse.com" - name = "tf-aws-server-${local.category}-${local.example}-${local.identifier}" - username = "tf-ci-${local.identifier}" - image = "ami-09b2a1e33ce552e68" # this must be an AMI in your region - public_ssh_key = var.key - key_name = var.key_name - server_id = var.server + identifier = var.identifier # this is a random unique string that can be used to identify resources in the cloud provider + category = "overrides" + example = "association" + email = "terraform-ci@suse.com" + setup = "tf-${local.category}-${local.example}-${local.identifier}" + name = "tf-${local.category}-${local.example}-${local.identifier}-sut" + image = "ami-09b2a1e33ce552e68" # this must be an AMI in your region + key_name = var.key_name + server_id = var.server } -# selecting the vpc, subnet, and ssh key pair, generating a security group specific to the runner -module "aws_access" { +module "access" { source = "rancher/access/aws" version = "v1.1.1" owner = local.email - vpc_name = "default" - subnet_name = "default" + vpc_name = local.setup + subnet_name = local.setup security_group_name = local.name security_group_type = "specific" ssh_key_name = local.key_name 
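Review bot: `vpc_name = local.setup` and `subnet_name = local.setup` select by name only, so this root module silently depends on `./setup/` having created a VPC and subnet whose Name tag is exactly `tf-${category}-${example}-${identifier}`; that string is built a second time as the `name` local in setup/main.tf (next file section) and nothing here ties the two together. A comment on the local would make the coupling visible to whoever edits either file next: `setup = "tf-${local.category}-${local.example}-${local.identifier}" # must equal local.name in ./setup/main.tf`. This example also keeps `ssh_key_name = local.key_name` on the access module where every sibling example in this commit switches to `skip_ssh = true`; if that is intentional (the key pair is expected to exist already), a short comment saying so would stop the next reader from "fixing" it to match. The `locals` and `module "access"` blocks both end inside the hunk, but `provider "aws"` starts before it.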
@@ -33,7 +31,7 @@ module "aws_access" { module "this" { depends_on = [ - module.aws_access, + module.access, ] source = "../../../" image_id = local.image @@ -42,8 +40,8 @@ module "this" { image_workfolder = "~" owner = local.email name = local.name - id = local.server_id # server must already exist outside of this terraform config - subnet_name = "default" + id = local.server_id # server must already exist outside of this terraform config, see ./setup/ + subnet_name = local.setup security_group_name = local.name # usually when selecting a server nothing is created, diff --git a/examples/overrides/association/setup/main.tf b/examples/overrides/association/setup/main.tf index 18e361f..f61bdb4 100644 --- a/examples/overrides/association/setup/main.tf +++ b/examples/overrides/association/setup/main.tf 
@@ -11,28 +11,29 @@ locals { category = "overrides" example = "association" email = "terraform-ci@suse.com" - name = "tf-aws-server-${local.category}-${local.example}-${local.identifier}" - username = "tf-ci-${local.identifier}" + name = "tf-${local.category}-${local.example}-${local.identifier}" + username = "tf-${local.identifier}" image = "ami-09b2a1e33ce552e68" # this must be an AMI in your region public_ssh_key = var.key key_name = var.key_name } -# selecting the vpc, subnet, and ssh key pair, generating a security group specific to the runner -module "aws_access" { +module "setup_access" { source = "rancher/access/aws" version = "v1.1.1" owner = local.email - vpc_name = "default" - subnet_name = "default" + vpc_name = local.name + vpc_cidr = "10.0.255.0/24" # gives 256 usable addresses from .1 to .254, but AWS reserves .1 to .4 and .255, leaving .5 to .254 + subnet_name = local.name + subnet_cidr = "10.0.255.224/28" # gives 14 usable addresses from .225 to .238, but AWS reserves .225 to .227 and .238, leaving .227 to .237 security_group_name = local.name security_group_type = "specific" - ssh_key_name = local.key_name + skip_ssh = true } module "this" { depends_on = [ - module.aws_access, + module.setup_access, ] source = "../../../../" image_id = local.image # if you specify an image_id, you must also specify the initial_user, admin_group, and workfolder @@ -45,6 +46,6 @@ module "this" { user = local.username ssh_key = local.public_ssh_key ssh_key_name = local.key_name - subnet_name = "default" + subnet_name = local.name security_group_name = local.name } diff --git a/examples/overrides/association/setup/outputs.tf b/examples/overrides/association/setup/outputs.tf index 9986a26..61e062c 100644 --- a/examples/overrides/association/setup/outputs.tf +++ b/examples/overrides/association/setup/outputs.tf 
@@ -18,4 +18,7 @@ output "cpu" {
 }
 output "storage" {
 value = module.this.storage
+}
+output "identifier" {
+ value = local.identifier
 }
\ No newline at end of file
diff --git a/examples/overrides/association/variables.tf b/examples/overrides/association/variables.tf
index d2aa60e..c8b1bcd 100644
--- a/examples/overrides/association/variables.tf
+++ b/examples/overrides/association/variables.tf
@@ -1,10 +1,5 @@
-variable "key" {
- type = string
-
-}
 variable "key_name" {
 type = string
-
 }
 variable "identifier" {
 type = string
diff --git a/examples/overrides/select_all/main.tf b/examples/overrides/select_all/main.tf
index e0a0a26..c0d62ee 100644
--- a/examples/overrides/select_all/main.tf
+++ b/examples/overrides/select_all/main.tf
@@ -7,33 +7,31 @@ provider "aws" { } locals { - identifier = var.identifier # this is a random unique string that can be used to identify resources in the cloud provider - category = "overrides" - example = "select_all" - email = "terraform-ci@suse.com" - name = "tf-aws-server-${local.category}-${local.example}-${local.identifier}" - username = "tf-ci-${local.identifier}" - image = "ami-09b2a1e33ce552e68" # this must be an AMI in your region - public_ssh_key = var.key - key_name = var.key_name - server_id = var.server + identifier = var.identifier # this is a random unique string that can be used to identify resources in the cloud provider + category = "overrides" + example = "select_all" + email = "terraform-ci@suse.com" + name = "tf-aws-server-${local.category}-${local.example}-${local.identifier}" + image = "ami-09b2a1e33ce552e68" # this must be an AMI in your region + server_id = var.server } -# selecting the vpc, subnet, and ssh key pair, generating a security group specific to the runner -module "aws_access" { +module "access" { source = "rancher/access/aws" version = "v1.1.1" owner = local.email - vpc_name = "default" - subnet_name = "default" + vpc_name = local.name + vpc_cidr = "10.0.255.0/24" # gives 256 usable addresses from .1 to .254, but AWS reserves .1 to .4 and .255, leaving .5 to .254 + subnet_name = local.name + subnet_cidr = "10.0.255.224/28" # gives 14 usable addresses from .225 to .238, but AWS reserves .225 to .227 and .238, leaving .227 to .237 security_group_name = local.name security_group_type = "specific" - ssh_key_name = local.key_name + skip_ssh = true } module "this" { depends_on = [ - module.aws_access, + module.access, ] source = "../../../" image_id = local.image @@ -43,6 +41,6 @@ module "this" { owner = local.email name = local.name id = local.server_id # server must already exist outside of this terraform config - subnet_name = "default" + subnet_name = local.name security_group_name = local.name } 
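Review bot: This access module receives `vpc_cidr`, `subnet_cidr` and `skip_ssh = true` — the same create-style inputs as the fresh-server examples — yet `server_id = var.server` says the server already exists, and `./setup/` (next file section) gives its own access module the identical `10.0.255.0/24` and `10.0.255.224/28`. If a CIDR makes the access module create rather than select, this root module will either collide on the VPC name or stand up a second VPC with an overlapping CIDR that the selected server is not attached to; the association example in this same commit instead selects the setup network by name (`vpc_name = local.setup`, no CIDR). Unless the setup's `name` local is byte-identical to the `tf-aws-server-...` name here (the setup's locals are not visible in this diff), consider dropping the two `*_cidr` lines and pointing `vpc_name`/`subnet_name` at the setup's name the way association does, or add a comment stating that the names are expected to match and selection is intended. `provider "aws"` starts before the hunk.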
diff --git a/examples/overrides/select_all/setup/main.tf b/examples/overrides/select_all/setup/main.tf index 4929611..b1dbf72 100644 --- a/examples/overrides/select_all/setup/main.tf +++ b/examples/overrides/select_all/setup/main.tf @@ -18,21 +18,22 @@ locals { key_name = var.key_name } -# selecting the vpc, subnet, and ssh key pair, generating a security group specific to the runner -module "aws_access" { +module "access" { source = "rancher/access/aws" version = "v1.1.1" owner = local.email - vpc_name = "default" - subnet_name = "default" + vpc_name = local.name + vpc_cidr = "10.0.255.0/24" # gives 256 usable addresses from .1 to .254, but AWS reserves .1 to .4 and .255, leaving .5 to .254 + subnet_name = local.name + subnet_cidr = "10.0.255.224/28" # gives 14 usable addresses from .225 to .238, but AWS reserves .225 to .227 and .238, leaving .227 to .237 security_group_name = local.name security_group_type = "specific" - ssh_key_name = local.key_name + skip_ssh = true } module "this" { depends_on = [ - module.aws_access, + module.access, ] source = "../../../../" image_id = local.image # if you specify an image_id, you must also specify the initial_user, admin_group, and workfolder @@ -45,6 +46,6 @@ module "this" { user = local.username ssh_key = local.public_ssh_key ssh_key_name = local.key_name - subnet_name = "default" + subnet_name = local.name security_group_name = local.name } diff --git a/examples/overrides/select_all/variables.tf b/examples/overrides/select_all/variables.tf index d2aa60e..d44be5b 100644 --- a/examples/overrides/select_all/variables.tf +++ b/examples/overrides/select_all/variables.tf @@ -1,11 +1,3 @@ -variable "key" { - type = string - -} -variable "key_name" { - type = string - -} variable "identifier" { type = string } diff --git a/examples/overrides/select_image/README.md b/examples/overrides/select_image/README.md deleted file mode 100644 index f0764a5..0000000 --- a/examples/overrides/select_image/README.md +++ /dev/null 
@@ -1,10 +0,0 @@
-# Image Only Example
-
-This is an example of using this module to select information rather than creating anything.
-This will select the image from the image types and retrieve information about it.
-Please see ./image/types.tf for more information on the opinionated image selection this module provides.
-
-NOTE: This module does not create images, it may select them or skip them (potentially requiring the user to provide more information), but it won't create them.
-
-This example has been validated using [Terratest](https://terratest.gruntwork.io/), a Go sdk and test suite for Terraform.
-If you would like to test this example go to the ./tests/overrides directory and run the test with `go test -v -run TestImageOnly`.
diff --git a/examples/overrides/select_image/main.tf b/examples/overrides/select_image/main.tf
index 3a1cc44..5d99394 100644
--- a/examples/overrides/select_image/main.tf
+++ b/examples/overrides/select_image/main.tf
@@ -1,4 +1,4 @@
-module "TestSelectImage" {
+module "this" {
 source = "../../../" # change this to "rancher/server/aws" per https://registry.terraform.io/modules/rancher/server/aws/latest
 # version = "v0.0.15" # when using this example you will need to set the version
 image = "sles-15"
diff --git a/examples/overrides/select_image/outputs.tf b/examples/overrides/select_image/outputs.tf
index b306c65..9986a26 100644
--- a/examples/overrides/select_image/outputs.tf
+++ b/examples/overrides/select_image/outputs.tf
@@ -1,21 +1,21 @@
 output "private_ip" {
- value = module.TestSelectImage.private_ip
+ value = module.this.private_ip
 }
 output "public_ip" {
- value = module.TestSelectImage.public_ip
+ value = module.this.public_ip
 }
 output "id" {
- value = module.TestSelectImage.id
+ value = module.this.id
 }
 output "ami" {
- value = module.TestSelectImage.ami
+ value = module.this.ami
 }
 output "ram" {
- value = module.TestSelectImage.ram
+ value = module.this.ram
 }
 output "cpu" {
- value = module.TestSelectImage.cpu
+ value = module.this.cpu
 }
 output "storage" {
- value = module.TestSelectImage.storage
+ value = module.this.storage
 }
\ No newline at end of file
diff --git a/examples/overrides/server_only/README.md b/examples/overrides/server_only/README.md
deleted file mode 100644
index 9905f2e..0000000
--- a/examples/overrides/server_only/README.md
+++ /dev/null
@@ -1,8 +0,0 @@
-# Server Only Example
-
-This is an example of using this module to deploy a small sles15 server, specifying the ami to use.
-If you specify an image_id, you must also specify the admin_group and initial_user.
-These are used to login to the server for the first time and set up a new user as specified by "username".
-
-This example has been validated using [Terratest](https://terratest.gruntwork.io/), a Go sdk and test suite for Terraform.
-If you would like to test this example go to the ./tests directory and run the test with `go test -v -run TestServerOnly`.
diff --git a/examples/overrides/server_only/main.tf b/examples/overrides/server_only/main.tf
index a00b3bc..e5d9a28 100644
--- a/examples/overrides/server_only/main.tf
+++ b/examples/overrides/server_only/main.tf
@@ -14,27 +14,27 @@ locals { name = "tf-aws-server-${local.category}-${local.example}-${local.identifier}" username = "tf-ci-${local.identifier}" image = "ami-09b2a1e33ce552e68" # this must be an AMI in your region - public_ssh_key = var.key # I don't normally recommend this, but it allows tests to supply their own key - key_name = var.key_name # A lot of time troubleshooting during critical times can be saved by hard coding variables in root modules - # root modules should be secured properly (including the state), and should represent your running infrastructure + public_ssh_key = var.key + key_name = var.key_name } -# selecting the vpc, subnet, and ssh key pair, generating a security group specific to the runner -module "aws_access" { +module "access" { source = "rancher/access/aws" version = "v1.1.1" owner = local.email - vpc_name = "default" - subnet_name = "default" + vpc_name = local.name + vpc_cidr = "10.0.255.0/24" # gives 256 usable addresses from .1 to .254, but AWS reserves .1 to .4 and .255, leaving .5 to .254 + subnet_name = local.name + subnet_cidr = "10.0.255.224/28" # gives 14 usable addresses from .225 to .238, but AWS reserves .225 to .227 and .238, leaving .227 to .237 security_group_name = local.name security_group_type = "specific" - ssh_key_name = local.key_name + skip_ssh = true } # aws_access returns a security group object from the aws api, but the name attribute isn't the same as the Name tag # this is an rare example of when the name attribute is different than the Name tag -module "TestServerOnly" { - depends_on = [module.aws_access] +module "this" { + depends_on = [module.access] source = "../../../" image_id = local.image # if you specify an image_id, you must also specify the initial_user, admin_group, and workfolder image_initial_user = "ec2-user" # if you specify an image_id, you must also specify the initial_user, admin_group, and workfolder 
@@ -46,6 +46,6 @@ module "TestServerOnly" {
 user = local.username
 ssh_key = local.public_ssh_key
 ssh_key_name = local.key_name
- subnet_name = "default"
+ subnet_name = local.name
 security_group_name = local.name # WARNING: security_group.name isn't the same as security_group->tags->Name
 }
diff --git a/examples/overrides/server_only/outputs.tf b/examples/overrides/server_only/outputs.tf
index a2fd31c..9986a26 100644
--- a/examples/overrides/server_only/outputs.tf
+++ b/examples/overrides/server_only/outputs.tf
@@ -1,21 +1,21 @@
 output "private_ip" {
- value = module.TestServerOnly.private_ip
+ value = module.this.private_ip
 }
 output "public_ip" {
- value = module.TestServerOnly.public_ip
+ value = module.this.public_ip
 }
 output "id" {
- value = module.TestServerOnly.id
+ value = module.this.id
 }
 output "ami" {
- value = module.TestServerOnly.ami
+ value = module.this.ami
 }
 output "ram" {
- value = module.TestServerOnly.ram
+ value = module.this.ram
 }
 output "cpu" {
- value = module.TestServerOnly.cpu
+ value = module.this.cpu
 }
 output "storage" {
- value = module.TestServerOnly.storage
+ value = module.this.storage
 }
\ No newline at end of file
diff --git a/examples/region/useast1/README.md b/examples/region/useast1/README.md
deleted file mode 100644
index c186fc0..0000000
--- a/examples/region/useast1/README.md
+++ /dev/null
@@ -1,6 +0,0 @@
-# Us-East-1 Example
-
-This is an example of using this module to deploy a small sles15 server in the us-east-1 region.
-
-This example has been validated using [Terratest](https://terratest.gruntwork.io/), a Go sdk and test suite for Terraform.
-If you would like to test this example go to the ./tests directory and run the test with `go test -v -run TestUsEast1`.
diff --git a/examples/region/useast1/main.tf b/examples/region/useast1/main.tf
index 2f38826..e697046 100644
--- a/examples/region/useast1/main.tf
+++ b/examples/region/useast1/main.tf
@@ -20,21 +20,23 @@ locals { # root modules should be secured properly (including the state), and should represent your running infrastructure } -# selecting the vpc, subnet, and ssh key pair, generating a security group specific to the runner -module "aws_access" { +module "access" { source = "rancher/access/aws" version = "v1.1.1" owner = local.email - vpc_name = "default" - subnet_name = "default" + vpc_name = local.name + vpc_cidr = "10.0.255.0/24" # gives 256 usable addresses from .1 to .254, but AWS reserves .1 to .4 and .255, leaving .5 to .254 + subnet_name = local.name + subnet_cidr = "10.0.255.224/28" # gives 14 usable addresses from .225 to .238, but AWS reserves .225 to .227 and .238, leaving .227 to .237 security_group_name = local.name security_group_type = "specific" - ssh_key_name = local.key_name + skip_ssh = true } + # aws_access returns a security group object from the aws api, but the name attribute isn't the same as the Name tag # this is an rare example of when the name attribute is different than the Name tag in AWS -module "TestUseast1" { - depends_on = [module.aws_access] +module "this" { + depends_on = [module.access] source = "../../../" # change this to "rancher/server/aws" per https://registry.terraform.io/modules/rancher/server/aws/latest # version = "v0.0.15" # when using this example you will need to set the version image = local.image @@ -44,6 +46,6 @@ module "TestUseast1" { user = local.username ssh_key = local.public_ssh_key ssh_key_name = local.key_name - subnet_name = "default" + subnet_name = local.name security_group_name = local.name # WARNING: security_group.name isn't the same as security_group->tags->Name } diff --git a/examples/region/useast2/README.md b/examples/region/useast2/README.md deleted file mode 100644 index 7c46a7c..0000000 --- a/examples/region/useast2/README.md +++ /dev/null 
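Review bot: The context line `# root modules should be secured properly (including the state), and should represent your running infrastructure` at the top of this hunk shows useast1 keeping the locals commentary that every other example main.tf in this commit deletes together with `public_ssh_key`/`key_name`, so the examples now disagree on this wording and on the structure of their locals block. Either keep that caveat in every example (it is the one place the examples mention protecting state, which after this change records the VPC and subnet the example creates) or remove it here as well so the files stay copy-paste equivalent. The `locals` block starts before the hunk, so the lines that were edited in the sibling files are not visible here and may simply have been missed.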
@@ -1,6 +0,0 @@ -# US-East-2 Example - -This is an example of using this module to deploy a small sles15 server on AWS in the us-east-2 region. - -This example has been validated using [Terratest](https://terratest.gruntwork.io/), a Go sdk and test suite for Terraform. - `go test -v -run TestUsEast2`. diff --git a/examples/region/useast2/main.tf b/examples/region/useast2/main.tf index f9a6b8d..95c33b7 100644 --- a/examples/region/useast2/main.tf +++ b/examples/region/useast2/main.tf 
@@ -15,26 +15,27 @@ locals { name = "tf-aws-server-${local.category}-${local.example}-${local.identifier}" username = "tf-ci-${local.identifier}" image = "sles-15" - public_ssh_key = var.key # I don't normally recommend this, but it allows tests to supply their own key - key_name = var.key_name # A lot of troubleshooting during critical times can be saved by hard coding variables in root modules - # root modules should be secured properly (including the state), and should represent your running infrastructure + public_ssh_key = var.key + key_name = var.key_name } -# selecting the vpc, subnet, and ssh key pair, generating a security group specific to the runner -module "aws_access" { +module "access" { source = "rancher/access/aws" version = "v1.1.1" owner = local.email - vpc_name = "default" - subnet_name = "default" + vpc_name = local.name + vpc_cidr = "10.0.255.0/24" # gives 256 usable addresses from .1 to .254, but AWS reserves .1 to .4 and .255, leaving .5 to .254 + subnet_name = local.name + subnet_cidr = "10.0.255.224/28" # gives 14 usable addresses from .225 to .238, but AWS reserves .225 to .227 and .238, leaving .227 to .237 security_group_name = local.name security_group_type = "specific" - ssh_key_name = local.key_name + skip_ssh = true } + # aws_access returns a security group object from the aws api, but the name attribute isn't the same as the Name tag # this is an rare example of when the name attribute is different than the Name tag -module "TestUseast2" { - depends_on = [module.aws_access] +module "this" { + depends_on = [module.access] source = "../../../" # change this to "rancher/server/aws" per https://registry.terraform.io/modules/rancher/server/aws/latest # version = "v0.0.15" # when using this example you will need to set the version image = local.image 
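Review bot: The context comment `# aws_access returns a security group object from the aws api, but the name attribute isn't the same as the Name tag` two lines above `module "this"` still names the module `aws_access` after this hunk renames it to `access`, so the note now points at a module that no longer exists in the file. Change it to `# module.access returns a security group object from the aws api, but the name attribute isn't the same as the Name tag` and fix the next line to `# this is a rare example of when the name attribute is different than the Name tag`. The same stale comment is left in place by the hunks at L42, L46, L47, L56, L58, L60, L62 and L64. `module "this"` continues past the end of this hunk.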
@@ -44,6 +45,6 @@ module "TestUseast2" {
 user = local.username
 ssh_key = local.public_ssh_key
 ssh_key_name = local.key_name
- subnet_name = "default"
+ subnet_name = local.name
 security_group_name = local.name # WARNING: security_group.name isn't the same as security_group->tags->Name
 }
diff --git a/examples/region/uswest1/README.md b/examples/region/uswest1/README.md
deleted file mode 100644
index 8b8589e..0000000
--- a/examples/region/uswest1/README.md
+++ /dev/null
@@ -1,6 +0,0 @@
-# Us-West-1 Example
-
-This is an example of using this module to deploy a small sles15 server on AWS in the us-west-1 region.
-
-This example has been validated using [Terratest](https://terratest.gruntwork.io/), a Go sdk and test suite for Terraform.
-If you would like to test this example go to the ./tests directory and run the test with `go test -v -run TestUsWest1`.
diff --git a/examples/region/uswest1/main.tf b/examples/region/uswest1/main.tf
index 608ccbb..dd14836 100644
--- a/examples/region/uswest1/main.tf
+++ b/examples/region/uswest1/main.tf
@@ -12,7 +12,7 @@ locals {
 category = "region"
 example = "uswest1"
 email = "terraform-ci@suse.com"
- name = "tf-aws-server-${local.category}-${local.example}-${local.identifier}"
+ name = "tf-${local.category}-${local.example}-${local.identifier}"
 username = "tf-ci-${local.identifier}"
 image = "sles-15"
 public_ssh_key = var.key # I don't normally recommend this, but it allows tests to supply their own key
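Review bot: In the uswest1 `locals` hunk, `local.name` is shortened to `tf-${local.category}-...` here and in the internal and xxl examples (L51, L64), while every other example in this commit keeps the `tf-aws-server-` prefix (L44, L49, L53, L55, L58, L60, L62), and nothing says why three examples differ. Because the same value is reused for the VPC, subnet and security group names in the sibling hunks, the shortening is harmless, but it should be applied uniformly and the reason recorded on the line, e.g. `name = "tf-${local.category}-${local.example}-${local.identifier}" # also used as the vpc, subnet and security group name`. The `locals` block continues past the end of this hunk.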
@@ -20,21 +20,23 @@ locals { # root modules should be secured properly (including the state), and should represent your running infrastructure } -# selecting the vpc, subnet, and ssh key pair, generating a security group specific to the runner -module "aws_access" { +module "access" { source = "rancher/access/aws" version = "v1.1.1" owner = local.email - vpc_name = "default" - subnet_name = "default" + vpc_name = local.name + vpc_cidr = "10.0.255.0/24" # gives 256 usable addresses from .1 to .254, but AWS reserves .1 to .4 and .255, leaving .5 to .254 + subnet_name = local.name + subnet_cidr = "10.0.255.224/28" # gives 14 usable addresses from .225 to .238, but AWS reserves .225 to .227 and .238, leaving .227 to .237 security_group_name = local.name security_group_type = "specific" - ssh_key_name = local.key_name + skip_ssh = true } + # aws_access returns a security group object from the aws api, but the name attribute isn't the same as the Name tag # this is an rare example of when the name attribute is different than the Name tag -module "TestUswest1" { - depends_on = [module.aws_access] +module "this" { + depends_on = [module.access] source = "../../../" # change this to "rancher/server/aws" per https://registry.terraform.io/modules/rancher/server/aws/latest # version = "v0.0.15" # when using this example you will need to set the version image = local.image @@ -44,6 +46,6 @@ module "TestUswest1" { user = local.username ssh_key = local.public_ssh_key ssh_key_name = local.key_name - subnet_name = "default" + subnet_name = local.name security_group_name = local.name # WARNING: security_group.name isn't the same as security_group->tags->Name } diff --git a/examples/region/uswest2/main.tf b/examples/region/uswest2/main.tf index f480bbe..8c8435f 100644 --- a/examples/region/uswest2/main.tf +++ b/examples/region/uswest2/main.tf 
@@ -19,25 +19,24 @@ locals { key_name = var.key_name } -module "aws_access" { +module "access" { source = "rancher/access/aws" - version = "v1.1.0" + version = "v1.1.1" owner = local.email vpc_name = local.name vpc_cidr = "10.0.255.0/24" # gives 256 usable addresses from .1 to .254, but AWS reserves .1 to .4 and .255, leaving .5 to .254 subnet_name = local.name subnet_cidr = "10.0.255.224/28" # gives 14 usable addresses from .225 to .238, but AWS reserves .225 to .227 and .238, leaving .227 to .237 - subnet_public_ip = true security_group_name = local.name security_group_type = "internal" - ssh_key_name = local.key_name + skip_ssh = true } # aws_access returns a security group object from the aws api, but the name attribute isn't the same as the Name tag # this is an rare example of when the name attribute is different than the Name tag -module "TestUswest2" { +module "this" { depends_on = [ - module.aws_access + module.access ] source = "../../../" # change this to "rancher/server/aws" per https://registry.terraform.io/modules/rancher/server/aws/latest # version = "v0.0.15" # when using this example you will need to set the version diff --git a/examples/securitygroups/egress/README.md b/examples/securitygroups/egress/README.md deleted file mode 100644 index 03ee69e..0000000 --- a/examples/securitygroups/egress/README.md +++ /dev/null 
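Review bot: With `skip_ssh = true` the access module no longer handles the key pair, but `module "this"` (which continues past the hunk; its sibling hunks, e.g. the tail of L45, still pass `ssh_key_name = local.key_name`) keeps referencing the same key name, and the example does not say who is now expected to create that key pair. A comment on the line would spare the next reader a trip to the module docs, e.g. `skip_ssh = true # the key pair is handed to the server module directly; it is not created here`, adjusted to whatever the actual contract is. Dropping `subnet_public_ip = true` also changes whether instances in this subnet are given a public address by default; since this example uses `security_group_type = "internal"` and the server module's public-IP handling is not visible here, a one-line comment stating the intended reachability of the test server would make the example self-explanatory now that its README has been removed.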
@@ -1,17 +0,0 @@
-# Egress Security Group Example
-
-This is an example of using this module to deploy a small sles15 server on AWS with the "egress" security group type.
-
-This example has been validated using [Terratest](https://terratest.gruntwork.io/), a Go sdk and test suite for Terraform.
-If you would like to test this example go to the ./tests directory and run the test with `go test -v -run TestEgress`
-
-
-## Security Group Type
-
-We provide a selection of security group "types" which produces archetypical objects in AWS.
-
-The basic security group adds the single IP of the server running Terraform, allowing it access to the server created for the purpose of validation and configuration, we call this type "specific".
-
-The next security group adds to the "specific" group by adding rules to allow for internal subnet traffic, in this type the subnet cidr is allowed for both ingress and egress. This type is called "internal".
-
-The next security group duplicates the "internal" type, then adds rules to allow egress only to the public internet. This is helpful if you want to be able to upgrade your server, or if you need your server to be able to download packages from the internet, but you don't want the public internet to be able to initiate connections with your server. Thie type is called "egress", and is the type selected for this example.
diff --git a/examples/securitygroups/egress/main.tf b/examples/securitygroups/egress/main.tf
index 30142ed..406279b 100644
--- a/examples/securitygroups/egress/main.tf
+++ b/examples/securitygroups/egress/main.tf
@@ -14,26 +14,26 @@ locals { name = "tf-aws-server-${local.category}-${local.example}-${local.identifier}" username = "tf-ci-${local.identifier}" image = "sles-15" - public_ssh_key = var.key # I don't normally recommend this, but it allows tests to supply their own key - key_name = var.key_name # A lot of troubleshooting during critical times can be saved by hard coding variables in root modules - # root modules should be secured properly (including the state), and should represent your running infrastructure + public_ssh_key = var.key + key_name = var.key_name } -# selecting the vpc, subnet, and ssh key pair, generating a security group specific to the runner -module "aws_access" { +module "access" { source = "rancher/access/aws" version = "v1.1.1" owner = local.email - vpc_name = "default" - subnet_name = "default" + vpc_name = local.name + vpc_cidr = "10.0.255.0/24" # gives 256 usable addresses from .1 to .254, but AWS reserves .1 to .4 and .255, leaving .5 to .254 + subnet_name = local.name + subnet_cidr = "10.0.255.224/28" # gives 14 usable addresses from .225 to .238, but AWS reserves .225 to .227 and .238, leaving .227 to .237 security_group_name = local.name security_group_type = "egress" - ssh_key_name = local.key_name + skip_ssh = true } -module "TestEgress" { +module "this" { depends_on = [ - module.aws_access, + module.access, ] source = "../../../" # change this to "rancher/server/aws" per https://registry.terraform.io/modules/rancher/server/aws/latest # version = "v0.0.15" # when using this example you will need to set the version @@ -44,6 +44,6 @@ module "TestEgress" { user = local.username ssh_key = local.public_ssh_key ssh_key_name = local.key_name - subnet_name = "default" + subnet_name = local.name security_group_name = local.name } diff --git a/examples/securitygroups/internal/README.md b/examples/securitygroups/internal/README.md deleted file mode 100644 index 3bb8c26..0000000 --- a/examples/securitygroups/internal/README.md +++ /dev/null 
@@ -1,14 +0,0 @@
-# Internal Security Group Example
-
-This is an example of using this module to deploy a small sles15 server on AWS with the "egress" security group type.
-
-This example has been validated using [Terratest](https://terratest.gruntwork.io/), a Go sdk and test suite for Terraform.
-If you would like to test this example go to the ./tests directory and run the test with `go test -v -run TestInternal`
-
-## Security Group Type
-
-We provide a selection of security group "types" which produces archetypical objects in AWS.
-
-The basic security group adds the single IP of the server running Terraform, allowing it access to the server created for the purpose of validation and configuration, we call this type "specific".
-
-The next security group adds to the "specific" group by adding rules to allow for internal subnet traffic, in this type the subnet cidr is allowed for both ingress and egress. This type is called "internal", and is the type selected for this example.
diff --git a/examples/securitygroups/internal/main.tf b/examples/securitygroups/internal/main.tf
index 0ba8b87..9c09c80 100644
--- a/examples/securitygroups/internal/main.tf
+++ b/examples/securitygroups/internal/main.tf
@@ -11,29 +11,29 @@ locals { category = "securitygroups" example = "internal" email = "terraform-ci@suse.com" - name = "tf-aws-server-${local.category}-${local.example}-${local.identifier}" + name = "tf-${local.category}-${local.example}-${local.identifier}" username = "tf-ci-${local.identifier}" image = "sles-15" - public_ssh_key = var.key # I don't normally recommend this, but it allows tests to supply their own key - key_name = var.key_name # A lot of troubleshooting during critical times can be saved by hard coding variables in root modules - # root modules should be secured properly (including the state), and should represent your running infrastructure + public_ssh_key = var.key + key_name = var.key_name } -# selecting the vpc, subnet, and ssh key pair, generating a security group specific to the runner -module "aws_access" { +module "access" { source = "rancher/access/aws" version = "v1.1.1" owner = local.email - vpc_name = "default" - subnet_name = "default" + vpc_name = local.name + vpc_cidr = "10.0.255.0/24" # gives 256 usable addresses from .1 to .254, but AWS reserves .1 to .4 and .255, leaving .5 to .254 + subnet_name = local.name + subnet_cidr = "10.0.255.224/28" # gives 14 usable addresses from .225 to .238, but AWS reserves .225 to .227 and .238, leaving .227 to .237 security_group_name = local.name security_group_type = "internal" - ssh_key_name = local.key_name + skip_ssh = true } -module "TestInternal" { +module "this" { depends_on = [ - module.aws_access, + module.access, ] source = "../../../" # change this to "rancher/server/aws" per https://registry.terraform.io/modules/rancher/server/aws/latest # version = "v0.0.15" # when using this example you will need to set the version @@ -44,6 +44,6 @@ module "TestInternal" { user = local.username ssh_key = local.public_ssh_key ssh_key_name = local.key_name - subnet_name = "default" + subnet_name = local.name security_group_name = local.name } 
diff --git a/examples/securitygroups/public/README.md b/examples/securitygroups/public/README.md
deleted file mode 100644
index d93a20f..0000000
--- a/examples/securitygroups/public/README.md
+++ /dev/null
@@ -1,18 +0,0 @@
-# Public Security Group Example
-
-This is an example of using this module to deploy a small sles15 server on AWS with the "egress" security group type.
-
-This example has been validated using [Terratest](https://terratest.gruntwork.io/), a Go sdk and test suite for Terraform.
-If you would like to test this example go to the ./tests directory and run the test with `go test -v -run TestPublic`
-
-## Security Group Type
-
-We provide a selection of security group "types" which produces archetypical objects in AWS.
-
-The basic security group adds the single IP of the server running Terraform, allowing it access to the server created for the purpose of validation and configuration, we call this type "specific".
-
-The next security group adds to the "specific" group by adding rules to allow for internal subnet traffic, in this type the subnet cidr is allowed for both ingress and egress. This type is called "internal".
-
-The next security group duplicates the "internal" type, then adds rules to allow egress only to the public internet. This is helpful if you want to be able to upgrade your server, or if you need your server to be able to download packages from the internet, but you don't want the public internet to be able to initiate connections with your server. This type is called "egress".
-
-The final, and most permissive security group type is called "public". This adds to the "egress" rule set allowing public access from any IP. This essentially opens your server up to the general public, and is the type selected for this example.
diff --git a/examples/securitygroups/public/main.tf b/examples/securitygroups/public/main.tf
index b7a71d3..97ba267 100644
--- a/examples/securitygroups/public/main.tf
+++ b/examples/securitygroups/public/main.tf
@@ -14,26 +14,26 @@ locals { name = "tf-aws-server-${local.category}-${local.example}-${local.identifier}" username = "tf-ci-${local.identifier}" image = "sles-15" - public_ssh_key = var.key # I don't normally recommend this, but it allows tests to supply their own key - key_name = var.key_name # A lot of troubleshooting during critical times can be saved by hard coding variables in root modules - # root modules should be secured properly (including the state), and should represent your running infrastructure + public_ssh_key = var.key + key_name = var.key_name } -# selecting the vpc, subnet, and ssh key pair, generating a security group specific to the runner -module "aws_access" { +module "access" { source = "rancher/access/aws" version = "v1.1.1" owner = local.email - vpc_name = "default" - subnet_name = "default" + vpc_name = local.name + vpc_cidr = "10.0.255.0/24" # gives 256 usable addresses from .1 to .254, but AWS reserves .1 to .4 and .255, leaving .5 to .254 + subnet_name = local.name + subnet_cidr = "10.0.255.224/28" # gives 14 usable addresses from .225 to .238, but AWS reserves .225 to .227 and .238, leaving .227 to .237 security_group_name = local.name security_group_type = "public" - ssh_key_name = local.key_name + skip_ssh = true } -module "TestPublic" { +module "this" { depends_on = [ - module.aws_access, + module.access, ] source = "../../../" # change this to "rancher/server/aws" per https://registry.terraform.io/modules/rancher/server/aws/latest # version = "v0.0.15" # when using this example you will need to set the version @@ -44,6 +44,6 @@ module "TestPublic" { user = local.username ssh_key = local.public_ssh_key ssh_key_name = local.key_name - subnet_name = "default" + subnet_name = local.name security_group_name = local.name } diff --git a/examples/securitygroups/specific/README.md b/examples/securitygroups/specific/README.md deleted file mode 100644 index 8625730..0000000 --- a/examples/securitygroups/specific/README.md +++ /dev/null 
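Review bot: After this commit, `security_group_type = "public"` is the only hint that this example opens the server's security group to any source IP, because the README that spelled out "allowing public access from any IP ... opens your server up to the general public" is deleted in the same commit (L52). The main.tf should carry that warning itself so nobody copies the example as a template without noticing: `security_group_type = "public" # most permissive type: allows ingress from any IP; used here only to exercise the type in tests`. The egress and internal examples (L49, L51) lose their README explanations in the same way and would benefit from a one-line comment on their `security_group_type` as well. `module "this"` continues past the end of this hunk.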
@@ -1,12 +0,0 @@
-# Specific Security Group Example
-
-This is an example of using this module to deploy a small sles15 server on AWS with the "egress" security group type.
-
-This example has been validated using [Terratest](https://terratest.gruntwork.io/), a Go sdk and test suite for Terraform.
-If you would like to test this example go to the ./tests directory and run the test with `go test -v -run TestSpecific`
-
-## Security Group Type
-
-We provide a selection of security group "types" which produces archetypical objects in AWS.
-
-The basic security group adds the single IP of the server running Terraform, allowing it access to the server created for the purpose of validation and configuration, we call this type "specific". This is the type selected for this example.
diff --git a/examples/securitygroups/specific/main.tf b/examples/securitygroups/specific/main.tf
index e49525f..caf9ee1 100644
--- a/examples/securitygroups/specific/main.tf
+++ b/examples/securitygroups/specific/main.tf
@@ -14,26 +14,26 @@ locals { name = "tf-aws-server-${local.category}-${local.example}-${local.identifier}" username = "tf-ci-${local.identifier}" image = "sles-15" - public_ssh_key = var.key # I don't normally recommend this, but it allows tests to supply their own key - key_name = var.key_name # A lot of troubleshooting during critical times can be saved by hard coding variables in root modules - # root modules should be secured properly (including the state), and should represent your running infrastructure + public_ssh_key = var.key + key_name = var.key_name } -# selecting the vpc, subnet, and ssh key pair, generating a security group specific to the runner -module "aws_access" { +module "access" { source = "rancher/access/aws" version = "v1.1.1" owner = local.email - vpc_name = "default" - subnet_name = "default" + vpc_name = local.name + vpc_cidr = "10.0.255.0/24" # gives 256 usable addresses from .1 to .254, but AWS reserves .1 to .4 and .255, leaving .5 to .254 + subnet_name = local.name + subnet_cidr = "10.0.255.224/28" # gives 14 usable addresses from .225 to .238, but AWS reserves .225 to .227 and .238, leaving .227 to .237 security_group_name = local.name security_group_type = "specific" - ssh_key_name = local.key_name + skip_ssh = true } -module "TestSpecific" { +module "this" { depends_on = [ - module.aws_access, + module.access, ] source = "../../../" # change this to "rancher/server/aws" per https://registry.terraform.io/modules/rancher/server/aws/latest # version = "v0.0.15" # when using this example you will need to set the version @@ -44,6 +44,6 @@ module "TestSpecific" { user = local.username ssh_key = local.public_ssh_key ssh_key_name = local.key_name - subnet_name = "default" + subnet_name = local.name security_group_name = local.name } diff --git a/examples/size/large/README.md b/examples/size/large/README.md deleted file mode 100644 index 7d7458d..0000000 --- a/examples/size/large/README.md +++ /dev/null 
@@ -1,6 +0,0 @@ -# Large Server Example - -This is an example of using this module to deploy a large sles15 server. - -This example has been validated using [Terratest](https://terratest.gruntwork.io/), a Go sdk and test suite for Terraform. -If you would like to test this example go to the ./tests directory and run the test with `go test -v -run TestLarge`. diff --git a/examples/size/large/main.tf b/examples/size/large/main.tf index 71a673e..8fcb6a8 100644 --- a/examples/size/large/main.tf +++ b/examples/size/large/main.tf @@ -20,22 +20,23 @@ locals { # root modules should be secured properly (including the state), and should represent your running infrastructure } -# selecting the vpc, subnet, and ssh key pair, generating a security group specific to the runner -module "aws_access" { +module "access" { source = "rancher/access/aws" version = "v1.1.1" owner = local.email - vpc_name = "default" - subnet_name = "default" + vpc_name = local.name + vpc_cidr = "10.0.255.0/24" # gives 256 usable addresses from .1 to .254, but AWS reserves .1 to .4 and .255, leaving .5 to .254 + subnet_name = local.name + subnet_cidr = "10.0.255.224/28" # gives 14 usable addresses from .225 to .238, but AWS reserves .225 to .227 and .238, leaving .227 to .237 security_group_name = local.name security_group_type = "specific" - ssh_key_name = local.key_name + skip_ssh = true } # aws_access returns a security group object from the aws api, but the name attribute isn't the same as the Name tag # this is an rare example of when the name attribute is different than the Name tag -module "TestLarge" { - depends_on = [module.aws_access] +module "this" { + depends_on = [module.access] source = "../../../" # change this to "rancher/server/aws" per https://registry.terraform.io/modules/rancher/server/aws/latest # version = "v0.0.15" # when using this example you will need to set the version image = local.image 
@@ -45,6 +46,6 @@ module "TestLarge" {
 user = local.username
 ssh_key = local.public_ssh_key
 ssh_key_name = local.key_name
- subnet_name = "default"
+ subnet_name = local.name
 security_group_name = local.name # WARNING: security_group.name isn't the same as security_group->tags->Name
 }
diff --git a/examples/size/medium/README.md b/examples/size/medium/README.md
deleted file mode 100644
index 61e538d..0000000
--- a/examples/size/medium/README.md
+++ /dev/null
@@ -1,6 +0,0 @@
-# Medium Server Example
-
-This is an example of using this module to deploy a med sles15 server.
-
-This example has been validated using [Terratest](https://terratest.gruntwork.io/), a Go sdk and test suite for Terraform.
-If you would like to test this example go to the ./tests directory and run the test with `go test -v -run TestMedium`.
diff --git a/examples/size/medium/main.tf b/examples/size/medium/main.tf
index b2cb228..075633a 100644
--- a/examples/size/medium/main.tf
+++ b/examples/size/medium/main.tf
@@ -15,27 +15,27 @@ locals { username = "tf-ci-${local.identifier}" image = "sles-15" size = "medium" - public_ssh_key = var.key # I don't normally recommend this, but it allows tests to supply their own key - key_name = var.key_name # A lot of troubleshooting during critical times can be saved by hard coding variables in root modules - # root modules should be secured properly (including the state), and should represent your running infrastructure + public_ssh_key = var.key + key_name = var.key_name } -# selecting the vpc, subnet, and ssh key pair, generating a security group specific to the runner -module "aws_access" { +module "access" { source = "rancher/access/aws" version = "v1.1.1" owner = local.email - vpc_name = "default" - subnet_name = "default" + vpc_name = local.name + vpc_cidr = "10.0.255.0/24" # gives 256 usable addresses from .1 to .254, but AWS reserves .1 to .4 and .255, leaving .5 to .254 + subnet_name = local.name + subnet_cidr = "10.0.255.224/28" # gives 14 usable addresses from .225 to .238, but AWS reserves .225 to .227 and .238, leaving .227 to .237 security_group_name = local.name security_group_type = "specific" - ssh_key_name = local.key_name + skip_ssh = true } # aws_access returns a security group object from the aws api, but the name attribute isn't the same as the Name tag # this is an rare example of when the name attribute is different than the Name tag -module "TestMedium" { - depends_on = [module.aws_access] +module "this" { + depends_on = [module.access] source = "../../../" # change this to "rancher/server/aws" per https://registry.terraform.io/modules/rancher/server/aws/latest # version = "v0.0.15" # when using this example you will need to set the version image = local.image 
@@ -45,6 +45,6 @@ module "TestMedium" {
 user = local.username
 ssh_key = local.public_ssh_key
 ssh_key_name = local.key_name
- subnet_name = "default"
+ subnet_name = local.name
 security_group_name = local.name # WARNING: security_group.name isn't the same as security_group->tags->Name
 }
diff --git a/examples/size/small/README.md b/examples/size/small/README.md
deleted file mode 100644
index fc2578c..0000000
--- a/examples/size/small/README.md
+++ /dev/null
@@ -1,6 +0,0 @@
-# Small Server Example
-
-This is an example of using this module to deploy a small sles15 server.
-
-This example has been validated using [Terratest](https://terratest.gruntwork.io/), a Go sdk and test suite for Terraform.
-If you would like to test this example go to the ./tests directory and run the test with `go test -v -run TestSmall`.
diff --git a/examples/size/small/main.tf b/examples/size/small/main.tf
index 9cc2d82..4e2c1f9 100644
--- a/examples/size/small/main.tf
+++ b/examples/size/small/main.tf
@@ -15,26 +15,27 @@ locals { username = "tf-ci-${local.identifier}" image = "sles-15" size = "small" - public_ssh_key = var.key # I don't normally recommend this, but it allows tests to supply their own key - key_name = var.key_name # A lot of troubleshooting during critical times can be saved by hard coding variables in root modules - # root modules should be secured properly (including the state), and should represent your running infrastructure + public_ssh_key = var.key + key_name = var.key_name } -# selecting the vpc, subnet, and ssh key pair, generating a security group specific to the runner -module "aws_access" { +module "access" { source = "rancher/access/aws" version = "v1.1.1" owner = local.email - vpc_name = "default" - subnet_name = "default" + vpc_name = local.name + vpc_cidr = "10.0.255.0/24" # gives 256 usable addresses from .1 to .254, but AWS reserves .1 to .4 and .255, leaving .5 to .254 + subnet_name = local.name + subnet_cidr = "10.0.255.224/28" # gives 14 usable addresses from .225 to .238, but AWS reserves .225 to .227 and .238, leaving .227 to .237 security_group_name = local.name security_group_type = "specific" - ssh_key_name = local.key_name + skip_ssh = true } + # aws_access returns a security group object from the aws api, but the name attribute isn't the same as the Name tag # this is an rare example of when the name attribute is different than the Name tag -module "TestSmall" { - depends_on = [module.aws_access] +module "this" { + depends_on = [module.access] source = "../../../" # change this to "rancher/server/aws" per https://registry.terraform.io/modules/rancher/server/aws/latest # version = "v0.0.15" # when using this example you will need to set the version image = local.image 
@@ -44,6 +45,6 @@ module "TestSmall" {
 user = local.username
 ssh_key = local.public_ssh_key
 ssh_key_name = local.key_name
- subnet_name = "default"
+ subnet_name = local.name
 security_group_name = local.name # WARNING: security_group.name isn't the same as security_group->tags->Name
 }
diff --git a/examples/size/xl/README.md b/examples/size/xl/README.md
deleted file mode 100644
index 6637ee6..0000000
--- a/examples/size/xl/README.md
+++ /dev/null
@@ -1,6 +0,0 @@
-# Extra Large Server Example
-
-This is an example of using this module to deploy an xl sles15 server.
-
-This example has been validated using [Terratest](https://terratest.gruntwork.io/), a Go sdk and test suite for Terraform.
-If you would like to test this example go to the ./tests directory and run the test with `go test -v -run TestXl`.
diff --git a/examples/size/xl/main.tf b/examples/size/xl/main.tf
index ad14867..a29431e 100644
--- a/examples/size/xl/main.tf
+++ b/examples/size/xl/main.tf
@@ -15,26 +15,26 @@ locals { username = "tf-ci-${local.identifier}" image = "sles-15" size = "xl" - public_ssh_key = var.key # I don't normally recommend this, but it allows tests to supply their own key - key_name = var.key_name # A lot of troubleshooting during critical times can be saved by hard coding variables in root modules - # root modules should be secured properly (including the state), and should represent your running infrastructure + public_ssh_key = var.key + key_name = var.key_name } -# selecting the vpc, subnet, and ssh key pair, generating a security group specific to the runner -module "aws_access" { +module "access" { source = "rancher/access/aws" version = "v1.1.1" owner = local.email - vpc_name = "default" - subnet_name = "default" + vpc_name = local.name + vpc_cidr = "10.0.255.0/24" # gives 256 usable addresses from .1 to .254, but AWS reserves .1 to .4 and .255, leaving .5 to .254 + subnet_name = local.name + subnet_cidr = "10.0.255.224/28" # gives 14 usable addresses from .225 to .238, but AWS reserves .225 to .227 and .238, leaving .227 to .237 security_group_name = local.name security_group_type = "specific" - ssh_key_name = local.key_name + skip_ssh = true } # aws_access returns a security group object from the aws api, but the name attribute isn't the same as the Name tag # this is an rare example of when the name attribute is different than the Name tag -module "TestXl" { - depends_on = [module.aws_access] +module "this" { + depends_on = [module.access] source = "../../../" # change this to "rancher/server/aws" per https://registry.terraform.io/modules/rancher/server/aws/latest # version = "v0.0.15" # when using this example you will need to set the version image = local.image 
@@ -44,6 +44,6 @@ module "TestXl" {
 user = local.username
 ssh_key = local.public_ssh_key
 ssh_key_name = local.key_name
- subnet_name = "default"
- security_group_name = local.name # WARNING: security_group.name isn't the same as security_group->tags->Name
+ subnet_name = local.name
+ security_group_name = local.name
 }
diff --git a/examples/size/xxl/README.md b/examples/size/xxl/README.md
deleted file mode 100644
index 9c2f168..0000000
--- a/examples/size/xxl/README.md
+++ /dev/null
@@ -1,6 +0,0 @@
-# Extra Extra Large Server Example
-
-This is an example of using this module to deploy an extra extra large sles15 server.
-
-This example has been validated using [Terratest](https://terratest.gruntwork.io/), a Go sdk and test suite for Terraform.
-If you would like to test this example go to the ./tests directory and run the test with `go test -v -run TestXxl`.
diff --git a/examples/size/xxl/main.tf b/examples/size/xxl/main.tf
index e9e3d24..67008c0 100644
--- a/examples/size/xxl/main.tf
+++ b/examples/size/xxl/main.tf
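Review bot: The xl example drops the `# WARNING: security_group.name isn't the same as security_group->tags->Name` comment from `security_group_name = local.name` while the sibling size examples keep it in the same commit (L57, L59, L61, L65) and the securitygroups examples never carry it (L49, L51, L53, L55). A reader comparing examples will wonder whether xl differs; either keep `security_group_name = local.name # WARNING: security_group.name isn't the same as security_group->tags->Name` here or remove the comment from every example in one sweep. The `module "this"` block this hunk closes starts outside the hunk.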
@@ -11,30 +11,31 @@ locals { category = "size" example = "xxl" email = "terraform-ci@suse.com" - name = "tf-aws-server-${local.category}-${local.example}-${local.identifier}" + name = "tf-${local.category}-${local.example}-${local.identifier}" username = "tf-ci-${local.identifier}" image = "sles-15" size = "xxl" - public_ssh_key = var.key # I don't normally recommend this, but it allows tests to supply their own key - key_name = var.key_name # A lot of troubleshooting during critical times can be saved by hard coding variables in root modules - # root modules should be secured properly (including the state), and should represent your running infrastructure + public_ssh_key = var.key + key_name = var.key_name } -# selecting the vpc, subnet, and ssh key pair, generating a security group specific to the runner -module "aws_access" { +module "access" { source = "rancher/access/aws" version = "v1.1.1" owner = local.email - vpc_name = "default" - subnet_name = "default" + vpc_name = local.name + vpc_cidr = "10.0.255.0/24" # gives 256 usable addresses from .1 to .254, but AWS reserves .1 to .4 and .255, leaving .5 to .254 + subnet_name = local.name + subnet_cidr = "10.0.255.224/28" # gives 14 usable addresses from .225 to .238, but AWS reserves .225 to .227 and .238, leaving .227 to .237 security_group_name = local.name security_group_type = "specific" - ssh_key_name = local.key_name + skip_ssh = true } + # aws_access returns a security group object from the aws api, but the name attribute isn't the same as the Name tag # this is an rare example of when the name attribute is different than the Name tag -module "TestXxl" { - depends_on = [module.aws_access] +module "test" { + depends_on = [module.access] source = "../../../" # change this to "rancher/server/aws" per https://registry.terraform.io/modules/rancher/server/aws/latest # version = "v0.0.15" # when using this example you will need to set the version image = local.image 
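Review bot: The xxl example renames its server module to `module "test"` where every other example in this commit uses `module "this"` (L42, L44, L46, L47, L49, L51, L53, L55, L56, L58, L60, L62), and the outputs.tf rewrites visible here (L41) reference `module.this`; if xxl's outputs.tf or the Terratest code was updated to `module.this` as well, this file will fail to plan (its outputs.tf is not in view, so unverified). Change the line to `module "this" {` to match the rest. `module "this"` continues past the end of this hunk.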
@@ -44,6 +45,6 @@ module "TestXxl" { user = local.username ssh_key = local.public_ssh_key ssh_key_name = local.key_name - subnet_name = "default" + subnet_name = local.name security_group_name = local.name # WARNING: security_group.name isn't the same as security_group->tags->Name } diff --git a/modules/image/variables.tf b/modules/image/variables.tf index ab7d541..13c42e2 100644 --- a/modules/image/variables.tf +++ b/modules/image/variables.tf @@ -1,4 +1,5 @@ variable "id" { + type = string description = <<-EOT An AMI to select. Don't use this is if you want to search for an AMI. @@ -7,6 +8,7 @@ variable "id" { default = "" } variable "type" { + type = string description = <<-EOT A type from the types.tf file. Types represent a standard set of opinionated options that we select for you. @@ -15,6 +17,7 @@ variable "type" { default = "" } variable "initial_user" { + type = string description = <<-EOT This isn't used if a type is selected. The initial user on the AMI, this is used for the initial connection. @@ -24,6 +27,7 @@ variable "initial_user" { default = "" } variable "admin_group" { + type = string description = <<-EOT The linux group considered 'admin' on the AMI. The initial user will be added to this group, it must have sudo access. @@ -32,6 +36,7 @@ variable "admin_group" { default = "" } variable "workfolder" { + type = string description = <<-EOT This isn't used if a type is selected. The folder where scripts will be copied to and run from on the AMI. diff --git a/modules/server/main.tf b/modules/server/main.tf index 3139f3b..3898267 100644 --- a/modules/server/main.tf +++ b/modules/server/main.tf 
@@ -15,16 +15,20 @@ locals { type = (local.create ? local.types[var.type] : {}) image_id = var.image_id initial_user = var.image_initial_user + initial_user_home = "/home/${local.initial_user}" + initial_workspace = replace(var.image_workfolder, "~", "") # WARNING! '~' can't go to the server! you will see "scp: permission denied" errors + workfolder = (local.initial_workspace == "" ? local.initial_user_home : local.initial_workspace) admin_group = var.image_admin_group - workfolder = ((var.image_workfolder == "~" || var.image_workfolder == "") ? "/home/${local.initial_user}" : var.image_workfolder) cloudinit_script = var.cloudinit_script cloudinit_timeout = var.cloudinit_timeout - skip_key = var.skip_key # skip the association of a keypair to the server - ssh_key = (local.skip_key ? "" : var.ssh_key) # empty key if not associating a key - ssh_key_name = (local.skip_key ? "" : var.ssh_key_name) # empty key name if not associating a key - associate_key = (local.skip_key ? false : true) # associate key is the opposite of skip_key - disable_scripts = (var.disable_scripts || local.skip_key ? true : false) # disable scripts if not associating an ssh key - enable_scripts = (local.disable_scripts ? false : true) # enable scripts is the opposite of disable scripts + skip_key = var.skip_key # skip the association of a keypair to the server + ssh_key = (local.skip_key ? "" : var.ssh_key) # empty key if not associating a key + ssh_key_name = (local.skip_key ? "" : var.ssh_key_name) # empty key name if not associating a key + associate_key = (local.skip_key ? false : true) # associate key is the opposite of skip_key + no_public_ip = (local.eip ? false : true) # opposite of add_public_ip + disable_scripts = (var.disable_scripts || local.skip_key || local.no_public_ip ? true : false) # disable scripts if not associating an ssh key or public ip + enable_scripts = (local.disable_scripts ? 
false : true) # enable scripts is the opposite of disable scripts + user_data = templatefile("${path.module}/cloudinit.tpl", { initial_user = local.initial_user admin_group = local.admin_group @@ -34,7 +38,7 @@ locals { script = indent(6, local.cloudinit_script) }) } -# WARNING! When selecting a server it is assumed that no additional resources are required (unless forcing group) +# WARNING! When selecting a server it is assumed that no additional resources are required (unless forcing security group creation) data "aws_instance" "selected" { count = (local.select ? 1 : 0) instance_id = local.id @@ -112,11 +116,15 @@ resource "aws_instance" "created" { instance_type = local.type.id user_data_replace_on_change = true # forces a replace when the user data changes, this is often what we want to prevent security issues - #associate_public_ip_address = false # this will be handled in interfaces attached to the instance and subnet rules + # kubernetes expects the primary interface to keep its IP + # the server resource will generate a device 0 interface if one is not given + # so the only way to control the primary interface is to provide it like this + # this necessitates the network interface being created before the server network_interface { network_interface_id = aws_network_interface.created[0].id device_index = 0 } + instance_initiated_shutdown_behavior = "stop" # termination can be handled by destroy or separately user_data_base64 = base64encode(local.user_data) availability_zone = data.aws_subnet.general_info[0].availability_zone @@ -126,6 +134,7 @@ resource "aws_instance" "created" { Name = local.name User = local.user Owner = local.owner + Home = local.workfolder } root_block_device { 
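Review bot: `initial_workspace = replace(var.image_workfolder, "~", "")` strips every `~` from the value instead of expanding a leading one, so `~/scripts` becomes the root-level `/scripts` rather than a path under `/home/<user>`, and a `~` anywhere else in the string is silently removed; the previous expression only special-cased a bare `~`. Expanding just a leading tilde preserves the intent: `initial_workspace = (startswith(var.image_workfolder, "~") ? "${local.initial_user_home}${trimprefix(var.image_workfolder, "~")}" : var.image_workfolder)`, which still yields the home directory for a bare `~`. `no_public_ip` reads `local.eip`, which is not visible in this hunk and is presumably declared elsewhere in the `locals` block, which starts before and continues after the hunk.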
@@ -139,8 +148,11 @@ resource "aws_instance" "created" { } lifecycle { ignore_changes = [ - tags, - root_block_device.0.tags, + tags, # amazon updates tags automatically, ignore this change + tags_all, # amazon updates tags automatically, ignore this change + root_block_device[0].tags_all, # amazon updates tags automatically, ignore this change + availability_zone, # this is dependant on the aws subnet lookup and if not ignored will cause the server to always rebuild + network_interface, # this is dependant on the aws subnet lookup and if not ignored will cause the server to always rebuild ] } } diff --git a/modules/server/variables.tf b/modules/server/variables.tf index e872778..4e2e4b2 100644 --- a/modules/server/variables.tf +++ b/modules/server/variables.tf @@ -115,14 +115,8 @@ variable "eip" { variable "ip" { type = string description = <<-EOT - Ipv4 address to associate with the server, it must be within the usable addresses in the subnet given. - EOT - default = "" -} -variable "ipv6" { - type = string - description = <<-EOT - Ipv6 address to associate with the server, it must be within the usable addresses in the subnet given. + Private IP address to associate with the server, it must be within the usable addresses in the subnet given. + Assigning a specific public IP address is not available yet. EOT default = "" } diff --git a/tests/overrides_test.go b/tests/overrides_test.go index bdce11d..c8aa877 100644 --- a/tests/overrides_test.go +++ b/tests/overrides_test.go 
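Review bot: Adding `network_interface` and `availability_zone` to `ignore_changes` suppresses the symptom described in the comments rather than its cause: once ignored, a genuine ENI replacement (a new `aws_network_interface.created[0].id`) is no longer reconciled onto the instance, while the subnet lookup the comments call unstable presumably still flaps in the plan. Consider making that data lookup deterministic so the plan is stable without ignoring the interface; if the ignore must stay, the comment should state that an ENI replacement then needs a manual taint or destroy to take effect. Also `dependant` in both new comments should read `dependent`. The enclosing `resource "aws_instance" "created"` starts before the hunk.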
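Review bot: Deleting `variable "ipv6"` is a breaking change to the module's input interface: any caller that still sets `ipv6` fails at plan time with an unsupported-argument error, and a commit titled as a test fix is an easy place for that to go unnoticed. The rewritten `ip` description is clearer, but the removal deserves a changelog entry or a deprecation step (keep the variable with a comment that it is currently unused) rather than a silent drop. The `variable "ip"` block's `default = ""` and the `variable "eip"` block above it are unchanged.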
@@ -87,7 +87,8 @@ func TestAssociation(t *testing.T) { defer teardown(t, category, setupDirectory, setupKeyPair) defer terraform.Destroy(t, setupTerraformOptions) terraform.InitAndApply(t, setupTerraformOptions) - output := terraform.Output(t, setupTerraformOptions, "id") + serverId := terraform.Output(t, setupTerraformOptions, "id") + uniqueId := terraform.Output(t, setupTerraformOptions, "identifier") // after setup completes we can run the actual test, passing in the server id from setup terraformOptions, keyPair := setup(t, category, directory, region, owner) @@ -96,6 +97,7 @@ func TestAssociation(t *testing.T) { defer sshAgent.Stop() defer teardown(t, category, directory, keyPair) defer terraform.Destroy(t, terraformOptions) - terraformOptions.Vars["server"] = output + terraformOptions.Vars["identifier"] = uniqueId + terraformOptions.Vars["server"] = serverId terraform.InitAndApply(t, terraformOptions) }
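Review bot: The new locals `serverId` and `uniqueId` in both hunks of `TestAssociation` break the Go initialism convention, which keeps `ID` in consistent case: `serverID := terraform.Output(t, setupTerraformOptions, "id")` and `uniqueID := terraform.Output(t, setupTerraformOptions, "identifier")`, with the two `terraformOptions.Vars[...]` assignments in the second hunk updated to match. `TestAssociation` starts before the first hunk; this point applies to both hunks on the function.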