Merge pull request #167 from suizman/terraform-0.12

Update deploy AWS to support terraform v0.12.9 Closes #166 Former-commit-id: fc35222
BBVA · Sep 30, 2019 · d85de11 · d85de11
2 parents 798789d + 8ba7442
commit d85de11
Show file tree

Hide file tree

Showing 23 changed files with 223 additions and 231 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -24,11 +24,13 @@ WORKDIR /go/src/github.com/bbva/qed
 # Install deps.
 RUN apt update -qq && apt install -qq -y autoconf cmake
 
-# Build C deps. 
+# Download C deps. 
 RUN echo Cloning repo: ${REPO} with branch: ${BRANCH}
 RUN git clone --depth 1 -b ${BRANCH} ${REPO} .  &&\
-    git submodule update --init --recursive     &&\
-    cd c-deps                                   &&\
+    git submodule update --init --recursive
+
+# Build C deps. 
+RUN cd c-deps       &&\
     ./builddeps.sh
 
 FROM golang:1.12.5

diff --git a/deploy/aws/config.tf b/deploy/aws/config.tf
@@ -16,7 +16,7 @@
 
 # Bucket config must be here: https://github.com/hashicorp/terraform/issues/13589
 terraform {
-  required_version = ">= 0.11.11"
+  required_version = ">= 0.12.9"
 
   backend "s3" {
     bucket = "terraform-qed-cluster"
@@ -26,8 +26,8 @@ terraform {
 }
 
 provider "aws" {
-  version = ">= 1.56.0, < 2.0"
-  profile = "${var.aws_profile}"
+  version = ">= 2.7.0"
+  profile = var.aws_profile
 }
 
 provider "http" {
@@ -37,3 +37,4 @@ provider "http" {
 provider "null" {
   version = "~> 2.0"
 }
+
diff --git a/deploy/aws/flavour.tf b/deploy/aws/flavour.tf
diff --git a/deploy/aws/main.tf b/deploy/aws/main.tf
@@ -24,114 +24,116 @@ data "aws_iam_policy_document" "CloudWatchLogsFullAccess-assume-role-policy" {
 }
 
 resource "aws_iam_role" "CloudWatchLogsFullAccess" {
-  name               = "CloudWatchLogsFullAccess-${terraform.workspace}"
+  name                 = "CloudWatchLogsFullAccess-${terraform.workspace}"
   permissions_boundary = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:policy/PermissionsBoundariesBBVA"
-  assume_role_policy = "${data.aws_iam_policy_document.CloudWatchLogsFullAccess-assume-role-policy.json}"
+  assume_role_policy   = data.aws_iam_policy_document.CloudWatchLogsFullAccess-assume-role-policy.json
 }
 
 resource "aws_iam_role_policy_attachment" "CloudWatchLogsFullAccess-attach" {
-  role       = "${aws_iam_role.CloudWatchLogsFullAccess.name}"
+  role       = aws_iam_role.CloudWatchLogsFullAccess.name
   policy_arn = "arn:aws:iam::aws:policy/CloudWatchLogsFullAccess"
 }
 
 resource "aws_iam_instance_profile" "qed-profile" {
   name = "qed-profile-${terraform.workspace}"
-  role = "${aws_iam_role.CloudWatchLogsFullAccess.name}"
+  role = aws_iam_role.CloudWatchLogsFullAccess.name
 }
 
 module "qed" {
-  source = "./modules/qed"
-  count  = 3
+  source    = "./modules/qed"
+  instances = 3
 
   name                   = "qed"
   instance_type          = "z1d.xlarge"
-  iam_instance_profile   = "${aws_iam_instance_profile.qed-profile.name}"
+  iam_instance_profile   = aws_iam_instance_profile.qed-profile.name
   volume_size            = "20"
-  vpc_security_group_ids = "${aws_security_group.qed.id}"
-  subnet_id              = "${aws_subnet.qed.id}"
-  key_name               = "${aws_key_pair.qed.key_name}"
-  key_path               = "${var.keypath}"
+  vpc_security_group_ids = aws_security_group.qed.id
+  subnet_id              = aws_subnet.qed.id
+  key_name               = aws_key_pair.qed.key_name
+  key_path               = var.keypath
 }
+
 module "inmemory-storage" {
   source = "./modules/inmemory_storage"
 
   name                   = "inmemory-storage"
   instance_type          = "r5.large"
-  iam_instance_profile   = "${aws_iam_instance_profile.qed-profile.name}"
+  iam_instance_profile   = aws_iam_instance_profile.qed-profile.name
   volume_size            = "20"
-  vpc_security_group_ids = "${aws_security_group.qed.id}"
-  subnet_id              = "${aws_subnet.qed.id}"
-  key_name               = "${aws_key_pair.qed.key_name}"
-  key_path               = "${var.keypath}"
+  vpc_security_group_ids = aws_security_group.qed.id
+  subnet_id              = aws_subnet.qed.id
+  key_name               = aws_key_pair.qed.key_name
+  key_path               = var.keypath
 }
 
 module "agent-publisher" {
-  source = "./modules/agent"
-  count  = 1
+  source    = "./modules/agent"
+  instances = 1
 
   role                   = "publisher"
   name                   = "agent-publisher"
   instance_type          = "m5.large"
-  iam_instance_profile   = "${aws_iam_instance_profile.qed-profile.name}"
+  iam_instance_profile   = aws_iam_instance_profile.qed-profile.name
   volume_size            = "20"
-  vpc_security_group_ids = "${aws_security_group.qed.id}"
-  subnet_id              = "${aws_subnet.qed.id}"
-  key_name               = "${aws_key_pair.qed.key_name}"
-  key_path               = "${var.keypath}"
+  vpc_security_group_ids = aws_security_group.qed.id
+  subnet_id              = aws_subnet.qed.id
+  key_name               = aws_key_pair.qed.key_name
+  key_path               = var.keypath
 }
 
 module "agent-monitor" {
-  source = "./modules/agent"
-  count  = 1
+  source    = "./modules/agent"
+  instances = 1
 
   role                   = "monitor"
   name                   = "agent-monitor"
   instance_type          = "m5.large"
-  iam_instance_profile   = "${aws_iam_instance_profile.qed-profile.name}"
+  iam_instance_profile   = aws_iam_instance_profile.qed-profile.name
   volume_size            = "20"
-  vpc_security_group_ids = "${aws_security_group.qed.id}"
-  subnet_id              = "${aws_subnet.qed.id}"
-  key_name               = "${aws_key_pair.qed.key_name}"
-  key_path               = "${var.keypath}"
+  vpc_security_group_ids = aws_security_group.qed.id
+  subnet_id              = aws_subnet.qed.id
+  key_name               = aws_key_pair.qed.key_name
+  key_path               = var.keypath
 }
 
 module "agent-auditor" {
-  source = "./modules/agent"
-  count  = 1
+  source    = "./modules/agent"
+  instances = 1
 
   role                   = "auditor"
   name                   = "agent-auditor"
   instance_type          = "m5.large"
-  iam_instance_profile   = "${aws_iam_instance_profile.qed-profile.name}"
+  iam_instance_profile   = aws_iam_instance_profile.qed-profile.name
   volume_size            = "20"
-  vpc_security_group_ids = "${aws_security_group.qed.id}"
-  subnet_id              = "${aws_subnet.qed.id}"
-  key_name               = "${aws_key_pair.qed.key_name}"
-  key_path               = "${var.keypath}"
+  vpc_security_group_ids = aws_security_group.qed.id
+  subnet_id              = aws_subnet.qed.id
+  key_name               = aws_key_pair.qed.key_name
+  key_path               = var.keypath
 }
 
 module "prometheus" {
   source = "./modules/prometheus"
 
   instance_type          = "m5.large"
-  iam_instance_profile   = "${aws_iam_instance_profile.qed-profile.name}"
+  iam_instance_profile   = aws_iam_instance_profile.qed-profile.name
   volume_size            = "20"
-  vpc_security_group_ids = "${aws_security_group.prometheus.id}"
-  subnet_id              = "${aws_subnet.qed.id}"
-  key_name               = "${aws_key_pair.qed.key_name}"
-  key_path               = "${var.keypath}"
+  vpc_security_group_ids = aws_security_group.prometheus.id
+  subnet_id              = aws_subnet.qed.id
+  key_name               = aws_key_pair.qed.key_name
+  key_path               = var.keypath
 }
 
 module "workload" {
   source = "./modules/workload"
 
   instance_type          = "m5.large"
-  iam_instance_profile   = "${aws_iam_instance_profile.qed-profile.name}"
+  iam_instance_profile   = aws_iam_instance_profile.qed-profile.name
   volume_size            = "20"
-  vpc_security_group_ids = "${aws_security_group.qed.id}"
-  subnet_id              = "${aws_subnet.qed.id}"
-  key_name               = "${aws_key_pair.qed.key_name}"
-  key_path               = "${var.keypath}"
-  endpoint               = "${module.qed.private_ip[0]}"
+  vpc_security_group_ids = aws_security_group.qed.id
+  subnet_id              = aws_subnet.qed.id
+  key_name               = aws_key_pair.qed.key_name
+  key_path               = var.keypath
+  endpoint               = module.qed.*.private_ip[0]
   num_requests           = 10000000
 }
+
diff --git a/deploy/aws/modules/agent/main.tf b/deploy/aws/modules/agent/main.tf
@@ -14,6 +14,7 @@
 
 data "aws_ami" "amazon_linux" {
   most_recent = true
+  owners = ["amazon"]
 
   filter {
     name   = "name"
@@ -27,7 +28,7 @@ data "aws_ami" "amazon_linux" {
 }
 
 resource "aws_instance" "qed-agent" {
-  count                = "${var.count}"
+  count                = "${var.instances}"
   ami                  = "${data.aws_ami.amazon_linux.id}"
   instance_type        = "${var.instance_type}"
   iam_instance_profile = "${var.iam_instance_profile}"
@@ -37,12 +38,12 @@ resource "aws_instance" "qed-agent" {
   associate_public_ip_address = true
   key_name                    = "${var.key_name}"
 
-  root_block_device = [{
+  root_block_device {
     volume_type = "gp2"
     volume_size = "${var.volume_size}"
-  }]
+  }
 
-  tags {
+  tags = {
     Name = "${format("${var.name}-%01d", count.index)}"
     Role = "${var.role}"
     DAM_OnOff = "NO"

diff --git a/deploy/aws/modules/agent/outputs.tf b/deploy/aws/modules/agent/outputs.tf
@@ -1,7 +1,13 @@
 output "private_ip" {
-  value = "${aws_instance.qed-agent.*.private_ip}"
+  value = [
+    for instance in aws_instance.qed-agent:
+    instance.private_ip
+  ]
 }
 
 output "public_ip" {
-  value = "${aws_instance.qed-agent.*.public_ip}"
+  value = [
+    for instance in aws_instance.qed-agent:
+    instance.public_ip
+  ]
 }
diff --git a/deploy/aws/modules/agent/variables.tf b/deploy/aws/modules/agent/variables.tf
@@ -36,7 +36,7 @@ variable "path" {
   default = "/var/tmp/qed"
 }
 
-variable "count" {
+variable "instances" {
   default = 1
 }
 

diff --git a/deploy/aws/modules/inmemory_storage/main.tf b/deploy/aws/modules/inmemory_storage/main.tf
@@ -14,6 +14,7 @@
 
 data "aws_ami" "amazon_linux" {
   most_recent = true
+  owners = ["amazon"]
 
   filter {
     name   = "name"
@@ -37,12 +38,12 @@ resource "aws_instance" "inmemory-storage" {
   associate_public_ip_address = true
   key_name                    = "${var.key_name}"
 
-  root_block_device = [{
+  root_block_device {
     volume_type = "gp2"
     volume_size = "${var.volume_size}"
-  }]
+  }
 
-  tags {
+  tags = {
     Name = "qed-${var.name}"
     Role = "${var.role}"
     DAM_OnOff = "NO"

diff --git a/deploy/aws/modules/inmemory_storage/outputs.tf b/deploy/aws/modules/inmemory_storage/outputs.tf
@@ -1,7 +1,13 @@
 output "private_ip" {
-  value = "${aws_instance.inmemory-storage.private_ip}"
+  value = [
+    for instance in aws_instance.inmemory-storage:
+    instance.private_ip
+  ]
 }
 
 output "public_ip" {
-  value = "${aws_instance.inmemory-storage.public_ip}"
+  value = [
+    for instance in aws_instance.inmemory-storage:
+    instance.public_ip
+  ]
 }
diff --git a/deploy/aws/modules/prometheus/main.tf b/deploy/aws/modules/prometheus/main.tf
@@ -21,6 +21,7 @@
 
 data "aws_ami" "amazon_linux" {
   most_recent = true
+  owners = ["amazon"]
 
   filter {
     name   = "name"
@@ -44,12 +45,12 @@ resource "aws_instance" "prometheus" {
   associate_public_ip_address = true
   key_name                    = "${var.key_name}"
 
-  root_block_device = [{
+  root_block_device {
     volume_type = "gp2"
     volume_size = "${var.volume_size}"
-  }]
+  }
 
-  tags {
+  tags = {
     Name = "qed-prometheus"
     Role = "${var.role}"
     DAM_OnOff = "NO"

diff --git a/deploy/aws/modules/prometheus/outputs.tf b/deploy/aws/modules/prometheus/outputs.tf
@@ -1,7 +1,13 @@
 output "private_ip" {
-  value = "${aws_instance.prometheus.private_ip}"
+  value = [
+    for instance in aws_instance.prometheus:
+    instance.private_ip
+  ]
 }
 
 output "public_ip" {
-  value = "${aws_instance.prometheus.public_ip}"
+  value = [
+    for instance in aws_instance.prometheus:
+    instance.public_ip
+  ]
 }