Skip to content
This repository has been archived by the owner on Jan 31, 2019. It is now read-only.

fix bug 1146449; pass the secret bucket name to Hiera on provision #41

Merged
merged 1 commit into from Mar 25, 2015
Merged

fix bug 1146449; pass the secret bucket name to Hiera on provision #41

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
14 changes: 14 additions & 0 deletions puppet/modules/socorro/files/etc_puppet/hiera.yaml
View file
Open in desktop
@@ -0,0 +1,14 @@
---
:backends:
- consul
- S3

:consul:
:host: 127.0.0.1
:port: 8500
:paths:
- /v1/kv/hiera

:s3:
:bucket: '@@@SECRET_BUCKET@@@'
:prefix: 'hiera/'
10 changes: 9 additions & 1 deletion puppet/modules/socorro/manifests/init.pp
View file
Open in desktop
Expand Up @@ -82,7 +82,15 @@
owner => 'root',
group => 'root',
mode => '0644',
require => Package['consul']
require => Package['consul'];

# Puppet is already running when this lands, thus it is not available now.
# It is available on any subsequent run, such as during role provision.
'/etc/puppet/hiera.yaml':
source => 'puppet:///modules/socorro/etc_puppet/hiera.yaml',
owner => 'root',
group => 'root',
mode => '0644'
}

}
2 changes: 1 addition & 1 deletion terraform/consul/main.tf
View file
Open in desktop
Expand Up @@ -80,7 +80,7 @@ resource "aws_security_group" "internet_to_consul__ssh" {

resource "aws_launch_configuration" "lc_for_consul_asg" {
name = "${var.environment}__lc_for_consul_asg"
user_data = "${file(\"socorro_role.sh\")} ${var.puppet_archive} consul"
user_data = "${file(\"socorro_role.sh\")} ${var.puppet_archive} consul ${var.secret_bucket}"
image_id = "${lookup(var.base_ami, var.region)}"
instance_type = "t2.micro"
key_name = "${lookup(var.ssh_key_name, var.region)}"
Expand Down
20 changes: 10 additions & 10 deletions terraform/main.tf
View file
Open in desktop
Expand Up @@ -105,7 +105,7 @@ resource "aws_elb" "elb_for_symbolapi" {

resource "aws_launch_configuration" "lc_for_symbolapi_asg" {
name = "${var.environment}__lc_for_symbolapi_asg"
user_data = "${file(\"socorro_role.sh\")} ${var.puppet_archive} symbolapi"
user_data = "${file(\"socorro_role.sh\")} ${var.puppet_archive} symbolapi ${var.secret_bucket}"
image_id = "${lookup(var.base_ami, var.region)}"
instance_type = "c4.xlarge"
key_name = "${lookup(var.ssh_key_name, var.region)}"
Expand Down Expand Up @@ -171,7 +171,7 @@ resource "aws_elb" "elb_for_collectors" {

resource "aws_launch_configuration" "lc_for_collectors_asg" {
name = "${var.environment}__lc_for_collectors_asg"
user_data = "${file(\"socorro_role.sh\")} ${var.puppet_archive} collector"
user_data = "${file(\"socorro_role.sh\")} ${var.puppet_archive} collector ${var.secret_bucket}"
image_id = "${lookup(var.base_ami, var.region)}"
instance_type = "t2.micro"
key_name = "${lookup(var.ssh_key_name, var.region)}"
Expand Down Expand Up @@ -237,7 +237,7 @@ resource "aws_elb" "elb_for_webapp" {

resource "aws_launch_configuration" "lc_for_webapp_asg" {
name = "${var.environment}__lc_for_webapp_asg"
user_data = "${file(\"socorro_role.sh\")} ${var.puppet_archive} webapp"
user_data = "${file(\"socorro_role.sh\")} ${var.puppet_archive} webapp ${var.secret_bucket}"
image_id = "${lookup(var.base_ami, var.region)}"
instance_type = "t2.micro"
key_name = "${lookup(var.ssh_key_name, var.region)}"
Expand Down Expand Up @@ -303,7 +303,7 @@ resource "aws_elb" "elb_for_middleware" {

resource "aws_launch_configuration" "lc_for_middleware_asg" {
name = "${var.environment}__lc_for_middleware_asg"
user_data = "${file(\"socorro_role.sh\")} ${var.puppet_archive} middleware"
user_data = "${file(\"socorro_role.sh\")} ${var.puppet_archive} middleware ${var.secret_bucket}"
image_id = "${lookup(var.base_ami, var.region)}"
instance_type = "t2.micro"
key_name = "${lookup(var.ssh_key_name, var.region)}"
Expand Down Expand Up @@ -336,7 +336,7 @@ resource "aws_autoscaling_group" "asg_for_middleware" {
# processors
resource "aws_launch_configuration" "lc_for_processors_asg" {
name = "${var.environment}__lc_for_processors_asg"
user_data = "${file(\"socorro_role.sh\")} ${var.puppet_archive} processor"
user_data = "${file(\"socorro_role.sh\")} ${var.puppet_archive} processor ${var.secret_bucket}"
image_id = "${lookup(var.base_ami, var.region)}"
instance_type = "t2.micro"
key_name = "${lookup(var.ssh_key_name, var.region)}"
Expand Down Expand Up @@ -365,7 +365,7 @@ resource "aws_autoscaling_group" "asg_for_processors" {
# admin (crontabber)
resource "aws_launch_configuration" "lc_for_admin_asg" {
name = "${var.environment}__lc_for_admin_asg"
user_data = "${file(\"socorro_role.sh\")} ${var.puppet_archive} admin"
user_data = "${file(\"socorro_role.sh\")} ${var.puppet_archive} admin ${var.secret_bucket}"
image_id = "${lookup(var.base_ami, var.region)}"
instance_type = "t2.micro"
key_name = "${lookup(var.ssh_key_name, var.region)}"
Expand Down Expand Up @@ -427,7 +427,7 @@ resource "aws_elb" "elb_for_rabbitmq" {

resource "aws_launch_configuration" "lc_for_rabbitmq_asg" {
name = "${var.environment}__lc_for_rabbitmq_asg"
user_data = "${file(\"socorro_role.sh\")} ${var.puppet_archive} rabbitmq"
user_data = "${file(\"socorro_role.sh\")} ${var.puppet_archive} rabbitmq ${var.secret_bucket}"
image_id = "${lookup(var.base_ami, var.region)}"
instance_type = "t2.micro"
key_name = "${lookup(var.ssh_key_name, var.region)}"
Expand Down Expand Up @@ -472,7 +472,7 @@ resource "aws_instance" "postgres" {
device_name = "/dev/sda1"
delete_on_termination = "${var.del_on_term}"
}
user_data = "${file(\"socorro_role.sh\")} ${var.puppet_archive} postgres"
user_data = "${file(\"socorro_role.sh\")} ${var.puppet_archive} postgres ${var.secret_bucket}"
tags {
Name = "${var.environment}__postgres_${count.index}"
Environment = "${var.environment}"
Expand All @@ -489,7 +489,7 @@ resource "aws_instance" "elasticsearch" {
"${aws_security_group.internet_to_any__ssh.name}",
"${aws_security_group.private_to_private__any.name}"
]
user_data = "${file(\"socorro_role.sh\")} ${var.puppet_archive} elasticsearch"
user_data = "${file(\"socorro_role.sh\")} ${var.puppet_archive} elasticsearch ${var.secret_bucket}"
tags {
Name = "${var.environment}__elasticsearch_${count.index}"
Environment = "${var.environment}"
Expand Down Expand Up @@ -549,7 +549,7 @@ resource "aws_elb" "elb_for_buildbox" {

resource "aws_launch_configuration" "lc_for_buildbox_asg" {
name = "${var.environment}__lc_for_buildbox_asg"
user_data = "${file(\"socorro_role.sh\")} ${var.puppet_archive} buildbox"
user_data = "${file(\"socorro_role.sh\")} ${var.puppet_archive} buildbox ${var.secret_bucket}"
image_id = "${lookup(var.base_ami, var.region)}"
instance_type = "t2.micro"
key_name = "${lookup(var.ssh_key_name, var.region)}"
Expand Down
7 changes: 7 additions & 0 deletions terraform/socorro_role.sh
View file
Open in desktop
Expand Up @@ -3,12 +3,19 @@
DIR="/tmp/${RANDOM}-${RANDOM}"

function socorro_role {
# Set up the working dir.
mkdir $DIR
pushd $DIR

# Provide the secret bucket name to Hiera (hiera-s3).
sed -i "s:@@@SECRET_BUCKET@@@:${3}:" /etc/puppet/hiera.yaml

# Acquire the Puppet archive.
curl -O $1
# Yoink the filename from the end of the URL
ARCHIVE=`echo $1|awk -F'/' '{print $NF}'`
tar -xvzf $ARCHIVE
# Provision the role.
/usr/bin/env FACTER_socorro_role=$2 \
puppet apply \
--modulepath=${DIR}/puppet/modules \
Expand Down
1 change: 1 addition & 0 deletions terraform/variables.tf
View file
Open in desktop
@@ -1,6 +1,7 @@
variable "environment" {}
variable "access_key" {}
variable "secret_key" {}
variable "secret_bucket" {}
variable "ssh_key_file" {
default = {
us-west-2 = "socorro__us-west-2.pem"
Expand Down