Terraform Provision EC2 single node, AMI with Packer, and deploy sing…

…le node to production. closes #5 closes #12

.gitignore

@@ -80,3 +80,23 @@ npm-debug.log
 /priv/plts/*.plt
 /priv/plts/*.plt.hash
 ## Phoenix 
+
+
+## Packer
+# Cache objects
+packer_cache/
+
+# Crash log
+crash.log
+
+# https://www.packer.io/guides/hcl/variables
+# Exclude all .pkrvars.hcl files, which are likely to contain sensitive data, 
+# such as password, private keys, and other secrets. These should not be part of 
+# version control as they are data points which are potentially sensitive and 
+# subject to change depending on the environment.
+#
+*.pkrvars.hcl
+
+# For built boxes
+*.box 
+## Packer 

modules/cloud/aws/compute/swarm/main.tf

@@ -0,0 +1,139 @@
+terraform {
+  required_providers {
+    # https://registry.terraform.io/providers/hashicorp/aws/latest
+    aws = {
+      source  = "hashicorp/aws"
+      version = "5.45.0"
+    }
+    # https://registry.terraform.io/providers/hashicorp/tls/latest
+    # 4. Creating a Key Pair with Local and TLS Providers
+    tls = {
+      source = "hashicorp/tls"
+      version = "4.0.5"
+    }
+    # https://registry.terraform.io/providers/hashicorp/local/latest
+    local = {
+      source = "hashicorp/local"
+      version = "2.5.1"
+
+    }
+  }
+}
+
+data "aws_vpc" "main" { 
+  filter {
+    name = "isDefault"
+    values = ["true"] 
+  }
+}
+
+data "aws_subnets" "main_subnets" { 
+  filter {
+    name = "vpc-id"
+    values = [data.aws_vpc.main.id] 
+  }
+}
+
+resource "tls_private_key" "rsa" {
+  algorithm = "RSA"
+  rsa_bits  = 4096
+}
+
+resource "aws_key_pair" "deployer_key" {
+  key_name   = "swarm-key"
+  public_key = tls_private_key.rsa.public_key_openssh
+}
+
+resource "local_sensitive_file" "private_key" {
+  filename        = var.private_key_path
+  content         = tls_private_key.rsa.private_key_pem
+  file_permission = "0400"
+}
+
+data "aws_ami" "amazon_linux_docker" {
+  most_recent = true
+
+  filter {
+    name   = "name"
+    values = ["amazon-linux-docker*"]
+  }
+  # find with aws cli: aws sts get-caller-identity
+  # owners = ["AWS_ACC_ID_UNSET"]
+  owners = ["447130666878"]
+}
+
+resource "aws_security_group" "swarm_sg" {
+  description            = "launch-wizard-2 created 2024-04-17T22:18:12.426Z"
+  egress = [
+    {
+      cidr_blocks = [
+        "0.0.0.0/0",
+      ]
+      description      = ""
+      from_port        = 0
+      ipv6_cidr_blocks = []
+      prefix_list_ids  = []
+      protocol         = "-1"
+      security_groups  = []
+      self             = false
+      to_port          = 0
+    },
+  ]
+  ingress = [
+    {
+      cidr_blocks = [
+        "0.0.0.0/0",
+      ]
+      description      = ""
+      from_port        = 22
+      ipv6_cidr_blocks = []
+      prefix_list_ids  = []
+      protocol         = "tcp"
+      security_groups  = []
+      self             = false
+      to_port          = 22
+    },
+    {
+      cidr_blocks = [
+        "0.0.0.0/0",
+      ]
+      description      = ""
+      from_port        = 4000
+      ipv6_cidr_blocks = []
+      prefix_list_ids  = []
+      protocol         = "tcp"
+      security_groups  = []
+      self             = false
+      to_port          = 4000
+    },
+  ]
+  tags        = {}
+  tags_all    = {}
+  # vpc_id    = "vpc-0021bbe35d223bc80"
+  vpc_id      = data.aws_vpc.main.id
+}
+
+resource "aws_instance" "belly_swarm" {
+  # ami               = "ami-0d421d84814b7d51c"
+  ami               = data.aws_ami.amazon_linux_docker.id
+  availability_zone = "eu-west-1b"
+  key_name          = aws_key_pair.deployer_key.key_name
+  subnet_id         = data.aws_subnets.main_subnets.ids[1]
+  user_data         = <<-EOF
+              #!/bin/bash
+
+              docker swarm init
+              EOF
+  instance_type     = "t2.micro"
+  tags = {
+    "Name" = "docker-swarm-manager"
+  }
+  vpc_security_group_ids  = [
+    aws_security_group.swarm_sg.id,
+  ]
+}
+
+output "ssh_command" {
+  value       = "ssh -i ${var.private_key_path} ec2-user@${aws_instance.belly_swarm.public_ip}"
+  description = "The SSH command to connect to the instance."
+}

modules/cloud/aws/compute/swarm/variables.tf

@@ -0,0 +1,4 @@
+variable "private_key_path" {
+  description = "The path to the private key file."
+  type        = string
+}

modules/environments/production/main.tf

@@ -0,0 +1,9 @@
+# set up production
+module "swarm" {
+  source = "../../../modules/cloud/aws/compute/swarm" 
+  private_key_path = "${path.module}/private_key.pem"
+}
+
+output "swarm_ssh_command" {
+  value = module.swarm.ssh_command
+}

modules/environments/production/private_key.pem

@@ -0,0 +1,51 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIJKQIBAAKCAgEAz9INbdZICvmfNjo8kYy77HFTsNT+Cz3A0+5j7A1rLjLoKRVw
+7Ws4qsuiuN7pcnArkX0Aozz4VvsYMTL7XNNPjGOoAKxOBGBhcM5RRVOmI/+9uapL
+y+lDqaS8DUNYl+SZ0HGQaKrkc1+qCrKW6J1lkE6cYfJhasIzj0bgYZe4ZWjxOAHF
+0gnU33uhU+3iP25TbV9db0mV7i1ESylezEFffGL0UkDVp9bNvqF3coroLdjXldSR
+Lcbtls9sD/t54Wnr5Sd1J8SuZ/FL0j2k994J+y+mkqtHwNT/x93ACaPh+w2no8AS
+h7tWsn6lqNcuHgCy3ursoX16K4V/Sew5D0bS7HS2Khm7xWgMk/eG3xjCy9sqe2J+
+QwHmvEh/6O/Ph4T9POkjose4w+xiap7+EJmBZtwG6thdcEoPckQ8CB0s4hJc+nOw
+MkF60lKEYfuDfxaZjz41yrWQdNwQtSX5MwZkMTg4ZnNGh4INYWXjNlxgu2uUdQYL
+aGn7mHTq/GH+TY1A4hnn+zbj1yULxABmwC2j+gRSWF21pCRI8vhS8qQ3KosRTqIV
+3JnHy9z3P04/KsR6DsZyrBdGj8FjLmSa/Li6ZLzw3qn/R5UyX3wYoI1ihK2NQ2Af
+LNEY7wbtdJ1OpO328vzT4q+4kUmWzcs98C6lOotusMVX0w79QKW4WLdQPCkCAwEA
+AQKCAgBAQtqGMTFbu25gzUc3VoYxiaVwU5wui6zZm6hoMIoI4hLpyUh/EZ2XKpqp
+gbw797VxKm8NCuhbtQ74/6O8Q1cguRwVATKqpcbbo+B7iG8iSI05IRCJABs9FMRV
+cZKufTCWxNb7loRHrLge0LRbP3hNVBGFM/atlVluH2N4qfqJ2RZl1B6AYSvi4w6y
+ric8p/fCJS/2HpHu8S5h82vtyvUkuFCGMqgeWwyJutH9qDg9HQUkvnMZ7Z4/+OmY
+U5GPgzo/RKE0Z9vqJjHk08z0HEOH2WcviSkJ1pM1ETu1f2h8Qe+pcdYJBIO9c+3z
+tH39JwgoaAo9sVgapxACIrpOH/9OMZGtT8AageyBeTauVpBSOL90GxrbBSsrhRRe
+bXYUPUSshp8bsmUsAr9XCqAR7dCXf8G2RQXltMJMJTmVDcZlPxIVIM7szQ0vmj42
+29TLaSNvtMGVILSvajVmSJjCMkCYgolX1CDPactMnqcwgpc3YpqvZqrILUtQnLTK
+rD4WGdqiALX/hPhpucb38cqEL3FSkNf4b8MB3rN9zCJmKyJCrtwR25cjFxEq9FZd
+500ASj5khUKaM7le3QShKrMYAFX1vEhzBBE3IMFGdVD5itC17qGTjuELeBGp1Pds
+LfT3EgRCUamf9VVJwUC1Z0QurEQyeMmx7PB22eAjNL8F0XEZEQKCAQEA98SEBU1z
+Nvx2g96X2n/cQG7HwpT6WSMYsXSn33UhHXzopQmF4YH7M1UKLNlAaiklRjt5ELhW
+1775D8Bdb87f5Jr/YWdhnOQYfZJCOGBFTsztLweISBAAin1sUSJxTux91PJ/MPAu
+vrOczUku950qx8LY9WjM69mbryszk3hv08mukqt9wkLIsBGTKajjLm/prKFcqjqc
+7dZmYcxnLVpGF1SRxIhDoNeHS2uio5cYR+9PQXskTKYpKoey+0TNWglFkoAeDXZj
+ch5K+P2QaRAb3bDztdoWjcTC/zntWN+djrvwdPdiQNPBEfV+Kr4EQvoIzMHSpv7X
+A9awmVCp72QvzQKCAQEA1rnAPI89CBubD7s7njxbaQpkX4ky1GuOQ1Q59DBJYf6b
+f2Q5dIwf+jT1GCXKpANV9QeDILckZ0LBccE0q+Iu7iK+fJzNNQfBGlBWO8iSK/ce
+VijkX891DXzkrhgYYFSVxnda/kPB3xhzvD2ehTh3sVjxWyCepl/DF3bm7CZCFCiX
+HpZxq3SeZzlobOZWpkaldLOh7KmvYbwgvETz0M068jScu3umkAI+aPpb7byn6iWG
+o5yyMfEG/ky0tXhcLB++owqtU9s6ZJYKs6W7q5N+8KLEaPbZSK7wSFBcSU7dpY1Y
+VRqr7YUh/nlr7KELiMt8kWkVqzWAjjBdVHig6sbJzQKCAQEAtCT74GcZmCcjfGnB
+eypv16E0OLPc+iZcc9nfnMcq1qfU9vnfj8DUBdSU21ryTL2xzki7k36UFbVSnTM+
+PGbrvuk7OXTTMiFd9R78asUEX3D8Gq+dVNfdrNPYh31FaR7ltojCFbDsK9en8FJ/
+haWOT0PKP1R9ehXz7f65N0Xf+NqwxQ9PFok8JVgB6c5Tr5XLDqscFuEa7IpwUjct
+5Xm3cIsamQyCL1XFlv6hd9QJ4XOL6o5ALEK7t6KGbc7uh8IqBYSFVUB4uaZw2Gx0
+LQ97U0qvR89Tiqw/IxbZDT847WiUQlcD5yKPRCF8JFOYAaKN92INaUHsz2uvZymR
+BO+RGQKCAQAPTCp65gWGF1ljtIYZztkAUcI24DJj2cnH2C9My0ffGGGBoOVK/VSl
+4bH4Z3DZYHd2PnPEF+gbBzF65jXXbQTE6GrDu/QOrB/AvSp3leF8Cl35623huYjw
+Tg6IrKTH8B6/he9QoAkm2LoeFhG+EfjNBLYlNNy4o6flew4Wkt8wSngBsNwmR+el
+GPzsjThtHilZeBa4IpqhDuMSJqNsI8LoUIE+BiAmsFI77mIwPLmFv+iorVgwoKhL
+47EYIJwIdLaDLRaOG9c8JUhb5hnJrndjs2TkyXlPaU8rB7abbmfyDHDXl0/aWxrB
+42qh8BM/Sqf0QBVQHj6rYpyzkOh98W2dAoIBAQCdy7xVz+NTrfRxuxWGdUktIp78
+17nZXzwfjU06PPhfY6qfwyFN9zbM6OpLdWMYdQ+oX7qEXQLA1AQg0iJ87RDYyk3t
+R/VFSKyO3pi8RSDnxVn8gkhwkPyx4pAzM/kkswS+TI0JcgFXtdIS7ynw/knskUKS
+jKCleyr/ptnYqjjVeB3OAns6GANVMP3sIrxB6TQzM6aiyNSCExjREz9eG9J48x+y
+D6NXTbiYlazxkHlNZqDqTF8iWZt9kFB4RP+dZ3cjrk6aTdcOAPNa6pabDfmFIzne
+UbYZYMIfdr3rvdZpI9FdMIsxBD6eJFBX1YLsGA+twV3lPdtNS7eaF5JIUg0f
+-----END RSA PRIVATE KEY-----

packer/aws-docker.pkr.hcl

@@ -0,0 +1,41 @@
+packer {
+  required_plugins {
+    amazon = {
+      version = ">= 1.3.2"
+      source  = "github.com/hashicorp/amazon"
+    }
+  }
+}
+
+source "amazon-ebs" "base" {
+  ami_regions = var.ami_regions
+  // source_ami = "YOUR_AMI_ID"
+  // source_ami = "ami-0d421d84814b7d51c"
+  source_ami_filter {
+    filters = {
+      name = "al2023-ami-2023*" 
+      architecture = "x86_64"
+    }
+    most_recent = true 
+    owners = ["amazon"]
+  }
+  instance_type = "t2.micro"
+  ssh_username = "ec2-user"
+  ami_name = "amazon-linux-docker_{{timestamp}}"
+}
+
+build {
+  sources = ["source.amazon-ebs.base"]
+  provisioner "shell" { 
+    // inline = [
+    //   "sudo dnf update -y",
+    //   "sudo dnf install -y docker",
+    //   "sudo systemctl start docker",
+    //   "sudo systemctl enable docker",
+    //   "sudo usermod -a -G docker ec2-user", "sudo dnf install -y nmap"
+    // ] 
+    script = "setup.sh"
+    # run script after cloud-init finishes to avoid race conditions 
+    execute_command = "cloud-init status --wait && sudo -E sh '{{ .Path }}'"
+  }
+}

packer/setup.sh

@@ -0,0 +1,8 @@
+#!/bin/bash
+set -ex
+sudo dnf update -y
+sudo dnf install -y docker
+sudo systemctl start docker
+sudo systemctl enable docker
+sudo usermod -a -G docker ec2-user
+sudo dnf install -y nmap

packer/variables.pkr.hcl

@@ -0,0 +1,4 @@
+variable "ami_regions" {
+  type = list(string)
+  description = "A list of regions where the AMI will be copied to."
+}