Merge pull request #275 from dividehex/terraform

Terraform

.gitignore

@@ -62,3 +62,6 @@ docs/_build/
 # Dev env
 logs/*.log
 slaves.json
+
+# Terraform state files
+.terraform

terraform/base/init.sh

@@ -0,0 +1 @@
+../init.sh

terraform/base/initialize.tf

@@ -0,0 +1 @@
+../initialize.tf

terraform/base/provider.tf

@@ -0,0 +1,4 @@
+provider "aws" {
+    region = "${var.region}"
+    profile = "${var.profile}"
+}

terraform/base/resources.tf

@@ -0,0 +1 @@
+../resources.tf

terraform/base/route53.tf

@@ -0,0 +1,94 @@
+# Route 53 resources
+
+# Hosted Zone for mozilla-releng.net
+resource "aws_route53_zone" "mozilla-releng" {
+    name = "mozilla-releng.net."
+}
+
+# A list of CNAMEs for heroku apps
+variable "heroku_cnames" {
+    default = ["archiver",
+               "archiver.staging",
+               "clobberer",
+               "clobberer.staging",
+               "dashboard.shipit",
+               "dashboard.shipit.staging",
+               "mapper",
+               "mapper.staging",
+               "tooltool",
+               "tooltool.staging",
+               "treestatus",
+               "treestatus.staging"]
+}
+
+# CNAME records for heroku apps
+resource "aws_route53_record" "heroku-cname" {
+    zone_id = "${aws_route53_zone.mozilla-releng.zone_id}"
+    name = "${element(var.heroku_cnames, count.index)}.mozilla-releng.net"
+    type = "CNAME"
+    ttl = "180"
+    count = "${length(var.heroku_cnames)}"
+    records = ["${element(var.heroku_cnames, count.index)}.mozilla-releng.net.herokudns.com"]
+}
+
+# Coalesce app cname is unique because it uses the old ssl endpoint
+resource "aws_route53_record" "heroku-coalease-cname" {
+    zone_id = "${aws_route53_zone.mozilla-releng.zone_id}"
+    name = "coalesce.mozilla-releng.net"
+    type = "CNAME"
+    ttl = "180"
+    records = ["oita-54541.herokussl.com"]
+}
+
+# Cloudfront Alias names
+variable "cloudfront_alias" {
+    default = ["docs",
+               "docs.staging",
+               "shipit",
+               "shiptit.staging",
+               "www",
+               "staging"]
+}
+
+# Cloudfront Alias Targets
+# In the future, these may be sourced directly from terraform cloudfront resources
+# should we decide to manage cloudfronts in terraform
+variable "cloudfront_alias_domain" {
+    type = "map"
+    default = {
+        docs = "d1945er7u4liht"
+        docs.staging = "d32jt14rospqzr"
+        shipit = "dve8yd1431ifz"
+        shiptit.staging = "d2ld4e8bl8yd1l"
+        www = "d1qqwps52z1e12"
+        staging = "dpwmwa9tge2p3"
+    }
+}
+
+# A (Alias) records for cloudfront apps
+resource "aws_route53_record" "cloudfront-alias" {
+    zone_id = "${aws_route53_zone.mozilla-releng.zone_id}"
+    name = "${element(var.cloudfront_alias, count.index)}.mozilla-releng.net"
+    type = "A"
+    count = "${length(var.cloudfront_alias)}"
+
+    alias {
+        name = "${var.cloudfront_alias_domain[element(var.cloudfront_alias, count.index)]}.cloudfront.net."
+        zone_id = "Z2FDTNDATAQYW2"
+        evaluate_target_health = false
+    }
+}
+
+# A special root alias that points to www.mozilla-releng.net
+resource "aws_route53_record" "root-alias" {
+    zone_id = "${aws_route53_zone.mozilla-releng.zone_id}"
+    name = "mozilla-releng.net"
+    type = "A"
+
+    alias {
+        name = "www.mozilla-releng.net"
+        zone_id = "${aws_route53_zone.mozilla-releng.zone_id}"
+        evaluate_target_health = false
+    }
+}
+

terraform/base/s3.tf

@@ -0,0 +1,7 @@
+resource "aws_s3_bucket" "base_bucket" {
+    bucket = "${var.base_bucket}"
+    acl = "private"
+    versioning {
+        enabled = true
+    }
+}

terraform/base/terraform.tfvars

@@ -0,0 +1,3 @@
+profile="mozilla-releng"
+env="base"
+region="us-east-1"

terraform/base/variables.tf

@@ -0,0 +1 @@
+../variables.tf

terraform/init.sh

@@ -0,0 +1,14 @@
+#!/bin/bash
+#
+set -euf -o pipefail
+
+tfenv=$(basename $(pwd))
+
+# Set up remote state
+terraform remote config -backend=s3 \
+    -backend-config="bucket=tf-base" \
+    -backend-config="key=tf_state/${tfenv}/terraform.tfstate" \
+    -backend-config="region=us-east-1"
+
+# Update modules
+terraform get

terraform/initialize.tf

@@ -0,0 +1,14 @@
+# This file contains empty declarations for variables that will be definied in each
+# environments terraform.tfvars file
+
+variable "profile" {
+    description = "Name of the AWS profile to grab credentials from"
+}
+
+variable "region" {
+    description = "The AWS region to create things in."
+}
+
+variable "env" {
+    description = "Environment name"
+}

terraform/resources.tf

@@ -0,0 +1,14 @@
+# This file contains shared global resources
+
+# Configure remote state
+# Outputs can be accessed via ${data.terraform_remote_state.base.output_name}
+data "terraform_remote_state" "base" {
+    backend = "s3"
+    config {
+        encrypt = true
+        acl = "private"
+        bucket = "${var.base_bucket}"
+        region = "us-east-1"
+        key = "tf_state/base/terraform.tfstate"
+    }
+}

terraform/variables.tf

@@ -0,0 +1,6 @@
+# Global variables
+
+variable "base_bucket" {
+    description = "S3 bucket for storing terraform state, ssh pub keys, etc"
+    default = "tf-base"
+}