Skip to content

Added install scripts #15

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 13 commits into from
Jul 2, 2018
Merged

Added install scripts #15

merged 13 commits into from
Jul 2, 2018

Conversation

@goruha
Copy link
Member

@goruha goruha commented Jun 11, 2018
edited
Loading

What

  • Added shell script to install tf-state module
  • Added shell script to install root-iam module

Why

  • To simplify installation of tf-state
  • To simplify installation of root-iam

@goruha goruha requested a review from osterman June 11, 2018 17:57
aknysh
aknysh reviewed Jun 11, 2018
View reviewed changes
aws/tfstate-backend/install.sh Outdated
@@ -0,0 +1,23 @@
#!/usr/bin/env bash

sed -i "s/backend/#backend/" main.tf
Copy link
Member

@aknysh aknysh Jun 11, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this will change backend in two other places:
https://github.com/cloudposse/terraform-root-modules/blob/master/aws/tfstate-backend/main.tf#L54
https://github.com/cloudposse/terraform-root-modules/blob/master/aws/tfstate-backend/main.tf#L55

I did this before:

sed -i 's/backend          "s3"             {}/#backend          "s3"             {}/' main.tf
sed -i 's/#backend          "s3"             {}/backend          "s3"             {}/' main.tf```

but it's too fragile and could be broken if the file changes
We need to think of a better way.

aknysh
aknysh reviewed Jun 11, 2018
View reviewed changes
aws/tfstate-backend/install.sh Outdated
echo "yes" | init-terraform


echo "Add to the Geodesic Module Dockerfile following"
Copy link
Member

@aknysh aknysh Jun 11, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Add to the Geodesic Module Dockerfile the following ENV vars:

aknysh
aknysh previously requested changes Jun 11, 2018
View reviewed changes
Copy link
Member

@aknysh aknysh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

looks good, a few comments

osterman
osterman reviewed Jun 13, 2018
View reviewed changes
aws/tfstate-backend/install.sh Outdated

## Spaces before and after `backend` required to select right word, because `backend` appears 3 times in main.tf
sed -i "s/ backend / #backend /" main.tf
sed -i "s/ role_arn / #role_arn /" main.tf
Copy link
Member

@osterman osterman Jun 13, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This can't be generally true. This is maybe true for the "root" org, but certainly not on subaccounts.

Copy link
Member

@osterman osterman Jun 13, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

roles are how we determine the account in which to provision the resources, so if this is not set, terraform won't use the appropriate account.

Copy link
Member

@osterman osterman Jun 13, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this will need to be an arg. e.g. --disable-role-arn

Copy link
Member

@aknysh aknysh Jun 13, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yes, we disable the role only in the root account and only once at cold start when we provision iam and we don't have any roles yet

Copy link
Contributor

@tamsky tamsky Jun 16, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So the way I typically do something like this, is:
have two different make targets with
two different "invisible-to-terraform™" versions of the resource definitions:

  • provider-with-assume-role.tf.in
  • provider-bootstrap.tf.in

and the make targets look like:

bootstrap:
    rm -f provider.tf
    ln -s provider-bootstrap.tf.in provider.tf

default:
   rm -f provider.tf
   ln -s provider-with-assume-role.tf.in provider.tf

and the install script then looks closer to:

init-terraform
make bootstrap
terraform plan -input=false -out=install-plan &&
  terraform apply -input=false install-plan &&
  mv -v install-plan install-plan.applied

osterman
osterman reviewed Jun 13, 2018
View reviewed changes
aws/tfstate-backend/install.sh Outdated
init-terraform
terraform plan

export TF_BUCKET=$(echo "yes" | terraform apply | grep -o -e "tfstate_backend_s3_bucket_id\s=\s.*" | cut -d ' ' -f 3)
Copy link
Member

@osterman osterman Jun 13, 2018
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Clever, but use terraform output instead.

export TF_BUCKET=$(terraform output -json | jq -r .tfstate_backend_s3_bucket_id.value)

osterman
osterman reviewed Jun 13, 2018
View reviewed changes
aws/tfstate-backend/install.sh
echo "Add to the Geodesic Module Dockerfile following"
echo "#----------------------------------------------"
echo "ENV TF_BUCKET=\"${TF_BUCKET}\""
echo "ENV TF_BUCKET_REGION=\"${TF_BUCKET_REGION}\""
Copy link
Member

@osterman osterman Jun 13, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Output lock table too:

terraform output -json | jq -r .tfstate_backend_dynamodb_table_id.value

osterman
osterman reviewed Jun 13, 2018
View reviewed changes
aws/tfstate-backend/install.sh Outdated

sed -i "s/ #role_arn / role_arn /" main.tf

echo "Add to the Geodesic Module Dockerfile following"
Copy link
Member

@osterman osterman Jun 13, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Add the following to the Geodesic Module's Dockerfile:

osterman
osterman reviewed Jun 13, 2018
View reviewed changes
aws/tfstate-backend/install.sh Outdated
#!/usr/bin/env bash

## Spaces before and after `backend` required to select right word, because `backend` appears 3 times in main.tf
sed -i "s/ backend / #backend /" main.tf
Copy link
Member

@osterman osterman Jun 13, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let's be more precise.

sed -Ei 's/^(\s+backend\s+)/#\1/' main.tf

osterman
osterman reviewed Jun 13, 2018
View reviewed changes
aws/tfstate-backend/install.sh Outdated
export TF_BUCKET_REGION=${TF_VAR_region}

## Spaces before and after `backend` required to select right word, because `backend` appears 3 times in main.tf
sed -i "s/ #backend / backend /" main.tf
Copy link
Member

@osterman osterman Jun 13, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Use regex style from above.

osterman
osterman reviewed Jun 13, 2018
View reviewed changes
aws/tfstate-backend/install.sh Outdated

echo "yes" | init-terraform

sed -i "s/ #role_arn / role_arn /" main.tf
Copy link
Member

@osterman osterman Jun 13, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Use regex style from above

osterman
osterman reviewed Jun 13, 2018
View reviewed changes
aws/tfstate-backend/install.sh
echo "ENV TF_BUCKET=\"${TF_BUCKET}\""
echo "ENV TF_BUCKET_REGION=\"${TF_BUCKET_REGION}\""
echo "#----------------------------------------------"
echo "And rebuild the module"
Copy link
Member

@osterman osterman Jun 13, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Then rebuild the geodesic module.

osterman
osterman reviewed Jun 13, 2018
View reviewed changes
aws/tfstate-backend/install.sh

init-terraform
terraform plan

Copy link
Member

@osterman osterman Jun 13, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Run terraform apply here.

osterman
osterman reviewed Jun 15, 2018
View reviewed changes
aws/accounts/install.sh Outdated
#!/usr/bin/env bash

## Spaces before and after `backend` required to select right word, because `backend` appears 3 times in main.tf
sed -i "s/ role_arn / #role_arn /" main.tf
Copy link
Member

@osterman osterman Jun 15, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

See previous PR comments. This was not updated.

osterman
osterman reviewed Jun 15, 2018
View reviewed changes
aws/cloudtrail/install.sh Outdated
@@ -0,0 +1,12 @@
#!/usr/bin/env bash
Copy link
Member

@osterman osterman Jun 15, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't want this script duplicated into each project. If we need that, then move it to geodesic

@osterman osterman mentioned this pull request Jun 15, 2018
Merged
tamsky
tamsky reviewed Jun 16, 2018
View reviewed changes
aws/accounts/install.sh Outdated
sed -i "s/ role_arn / #role_arn /" main.tf

init-terraform
terraform plan
Copy link
Contributor

@tamsky tamsky Jun 16, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

suggest perhaps:

init-terraform
terraform plan -input=false -out=install-plan &&
  terraform apply -input=false install-plan &&
  mv install-plan install-plan.applied

aws/tfstate-backend/install.sh Outdated

## Spaces before and after `backend` required to select right word, because `backend` appears 3 times in main.tf
sed -i "s/ backend / #backend /" main.tf
sed -i "s/ role_arn / #role_arn /" main.tf
Copy link
Contributor

@tamsky tamsky Jun 16, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So the way I typically do something like this, is:
have two different make targets with
two different "invisible-to-terraform™" versions of the resource definitions:

  • provider-with-assume-role.tf.in
  • provider-bootstrap.tf.in

and the make targets look like:

bootstrap:
    rm -f provider.tf
    ln -s provider-bootstrap.tf.in provider.tf

default:
   rm -f provider.tf
   ln -s provider-with-assume-role.tf.in provider.tf

and the install script then looks closer to:

init-terraform
make bootstrap
terraform plan -input=false -out=install-plan &&
  terraform apply -input=false install-plan &&
  mv -v install-plan install-plan.applied

goruha added 3 commits June 23, 2018 20:20
@goruha
Merge branch 'master' into feature-add-install-tf-state
2a4abd1 
* master:
  Separate `iam` into `root-iam` and `iam` (#18)
  fix usage syntax of data.aws_availability_zones... (#16)
@goruha
Fix roles
4874b2a
@goruha
Address comments
92bfaa3
@osterman
Copy link
Member

osterman commented Jun 26, 2018

Fix PR name

@goruha goruha changed the title Added install ts-state script Added install scripts Jun 26, 2018
@osterman osterman dismissed aknysh’s stale review July 2, 2018 17:15

comments addressed

@goruha goruha merged commit 3f2ec13 into master Jul 2, 2018
@goruha goruha deleted the feature-add-install-tf-state branch July 2, 2018 17:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@aknysh aknysh aknysh left review comments

@osterman osterman osterman approved these changes

+1 more reviewer

@tamsky tamsky tamsky left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

@osterman osterman

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@goruha @osterman @tamsky @aknysh