From b23621fc25972ee67811a7cee9e47eefc1e82db9 Mon Sep 17 00:00:00 2001
From: "W. Trevor King" <wking@tremily.us>
Date: Tue, 31 Jul 2018 08:24:28 -0700
Subject: [PATCH] modules/aws/ami: Add a new module to get CoreOS AMIs

Centralize this logic, which had previously been copied between three
modules.  I've also made the AWS region an explicit variable, instead
of having the lower level modules reaching up to the
tectonic_aws_region global.
---
 modules/aws/ami/README.md            | 27 ++++++++++++++++++++
 modules/aws/ami/main.tf              | 38 ++++++++++++++++++++++++++++
 modules/aws/ami/outputs.tf           |  4 +++
 modules/aws/ami/variables.tf         | 30 ++++++++++++++++++++++
 modules/aws/etcd/README.md           |  7 ++++-
 modules/aws/etcd/nodes.tf            | 32 ++++-------------------
 modules/aws/etcd/variables.tf        |  9 +++++++
 modules/aws/master-asg/master.tf     | 29 +++++----------------
 modules/aws/master-asg/variables.tf  |  9 +++++++
 modules/aws/worker-asg/variables.tf  |  9 +++++++
 modules/aws/worker-asg/worker.tf     | 29 +++++----------------
 steps/etcd/aws/etcd.tf               |  1 +
 steps/joining_workers/aws/workers.tf |  1 +
 steps/masters/aws/main.tf            |  1 +
 14 files changed, 154 insertions(+), 72 deletions(-)
 create mode 100644 modules/aws/ami/README.md
 create mode 100644 modules/aws/ami/main.tf
 create mode 100644 modules/aws/ami/outputs.tf
 create mode 100644 modules/aws/ami/variables.tf

diff --git a/modules/aws/ami/README.md b/modules/aws/ami/README.md
new file mode 100644
index 00000000000..61f43f421e8
--- /dev/null
+++ b/modules/aws/ami/README.md
@@ -0,0 +1,27 @@
+# Container Linux AMI Module
+
+This [Terraform][] [module][] supports `latest` versions for [Container Linux][container-linux] release channels and returns an appropriate [AMI][].
+
+## Example
+
+From the module directory:
+
+```console
+$ terraform init
+$ terraform apply --var region=us-east-1
+$ terraform output id
+ami-ab6963d4
+$ terraform apply --var region=us-east-1 --var release_channel=alpha
+$ terraform output id
+ami-985953e7
+$ terraform apply --var region=us-east-2 --var release_channel=alpha --var release_version=1814.0.0
+$ terraform output id
+ami-c25f66a7
+```
+
+When you're done, clean up by removing the `.terraform` directory created by `init` and the `terraform.tfstate*` files created by `apply`.
+
+[AMI]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AMIs.html
+[container-linux]: https://coreos.com/os/docs/latest/
+[module]: https://www.terraform.io/docs/modules/
+[Terraform]: https://www.terraform.io/
diff --git a/modules/aws/ami/main.tf b/modules/aws/ami/main.tf
new file mode 100644
index 00000000000..1593457145e
--- /dev/null
+++ b/modules/aws/ami/main.tf
@@ -0,0 +1,38 @@
+provider "aws" {
+  region  = "${var.region}"
+  version = "1.8.0"
+}
+
+locals {
+  ami_owner = "595879546273"
+  arn       = "aws"
+}
+
+module "container_linux" {
+  source = "../../container_linux"
+
+  release_channel = "${var.release_channel}"
+  release_version = "${var.release_version}"
+}
+
+data "aws_ami" "coreos_ami" {
+  filter {
+    name   = "name"
+    values = ["CoreOS-${var.release_channel}-${module.container_linux.version}-*"]
+  }
+
+  filter {
+    name   = "architecture"
+    values = ["x86_64"]
+  }
+
+  filter {
+    name   = "virtualization-type"
+    values = ["hvm"]
+  }
+
+  filter {
+    name   = "owner-id"
+    values = ["${local.ami_owner}"]
+  }
+}
diff --git a/modules/aws/ami/outputs.tf b/modules/aws/ami/outputs.tf
new file mode 100644
index 00000000000..b6ed23ce383
--- /dev/null
+++ b/modules/aws/ami/outputs.tf
@@ -0,0 +1,4 @@
+output "id" {
+  value       = "${data.aws_ami.coreos_ami.image_id}"
+  description = "The selected CoreOS Container Linux AMI ID."
+}
diff --git a/modules/aws/ami/variables.tf b/modules/aws/ami/variables.tf
new file mode 100644
index 00000000000..5b84b10cdd5
--- /dev/null
+++ b/modules/aws/ami/variables.tf
@@ -0,0 +1,30 @@
+variable "region" {
+  type = "string"
+
+  description = <<EOF
+This is the AWS region.
+It is passed through to the Terraform aws provider: https://www.terraform.io/docs/providers/aws/#region
+EOF
+}
+
+variable "release_channel" {
+  type    = "string"
+  default = "stable"
+
+  description = <<EOF
+The Container Linux update channel.
+
+Examples: `stable`, `beta`, `alpha`
+EOF
+}
+
+variable "release_version" {
+  type    = "string"
+  default = "latest"
+
+  description = <<EOF
+The Container Linux version to use. Set to `latest` to select the latest available version for the selected update channel.
+
+Examples: `latest`, `1465.6.0`
+EOF
+}
diff --git a/modules/aws/etcd/README.md b/modules/aws/etcd/README.md
index 4b1ed7c0f67..4776ff2d9a0 100644
--- a/modules/aws/etcd/README.md
+++ b/modules/aws/etcd/README.md
@@ -7,10 +7,14 @@ Read the [etcd recommended hardware guide][hardware] for best performance.
 ## Example
 
 ```hcl
-provider "aws" {
+locals {
   region = "us-east-1"
 }
 
+provider "aws" {
+  region = "${local.region}"
+}
+
 resource "aws_s3_bucket" "etcd_ignition" {
 }
 
@@ -50,6 +54,7 @@ module "etcd" {
   cluster_id     = "123"
   cluster_name   = "my-cluster"
   instance_count = "3"
+  region         = "${local.region}"
   s3_bucket      = "${aws_s3_bucket.etcd_ignition.id}"
   sg_ids         = ["${aws_security_group.etcd.id}"]
   subnets        = ["${aws_subnet.example.id}"]
diff --git a/modules/aws/etcd/nodes.tf b/modules/aws/etcd/nodes.tf
index 99429f67e94..96be2cc39d6 100644
--- a/modules/aws/etcd/nodes.tf
+++ b/modules/aws/etcd/nodes.tf
@@ -1,37 +1,15 @@
 locals {
-  ami_owner = "595879546273"
-  arn       = "aws"
+  arn = "aws"
 }
 
-module "container_linux" {
-  source = "../../container_linux"
+module "ami" {
+  source = "../ami"
 
+  region          = "${var.region}"
   release_channel = "${var.container_linux_channel}"
   release_version = "${var.container_linux_version}"
 }
 
-data "aws_ami" "coreos_ami" {
-  filter {
-    name   = "name"
-    values = ["CoreOS-${var.container_linux_channel}-${module.container_linux.version}-*"]
-  }
-
-  filter {
-    name   = "architecture"
-    values = ["x86_64"]
-  }
-
-  filter {
-    name   = "virtualization-type"
-    values = ["hvm"]
-  }
-
-  filter {
-    name   = "owner-id"
-    values = ["${local.ami_owner}"]
-  }
-}
-
 resource "aws_iam_instance_profile" "etcd" {
   name = "${var.cluster_name}-etcd-profile"
 
@@ -106,7 +84,7 @@ EOF
 
 resource "aws_instance" "etcd_node" {
   count = "${var.instance_count}"
-  ami   = "${coalesce(var.ec2_ami, data.aws_ami.coreos_ami.image_id)}"
+  ami   = "${coalesce(var.ec2_ami, module.ami.id)}"
 
   iam_instance_profile   = "${aws_iam_instance_profile.etcd.name}"
   instance_type          = "${var.ec2_type}"
diff --git a/modules/aws/etcd/variables.tf b/modules/aws/etcd/variables.tf
index 60ddda55dfc..f4aae123447 100644
--- a/modules/aws/etcd/variables.tf
+++ b/modules/aws/etcd/variables.tf
@@ -24,6 +24,15 @@ variable "instance_count" {
   default = "3"
 }
 
+variable "region" {
+  type = "string"
+
+  description = <<EOF
+This is the AWS region.
+It is passed through to the Terraform aws provider: https://www.terraform.io/docs/providers/aws/#region
+EOF
+}
+
 variable "ssh_key" {
   type    = "string"
   default = ""
diff --git a/modules/aws/master-asg/master.tf b/modules/aws/master-asg/master.tf
index aef72b9e850..0fadf1db1c8 100644
--- a/modules/aws/master-asg/master.tf
+++ b/modules/aws/master-asg/master.tf
@@ -1,28 +1,13 @@
 locals {
-  ami_owner = "595879546273"
-  arn       = "aws"
+  arn = "aws"
 }
 
-data "aws_ami" "coreos_ami" {
-  filter {
-    name   = "name"
-    values = ["CoreOS-${var.container_linux_channel}-${var.container_linux_version}-*"]
-  }
-
-  filter {
-    name   = "architecture"
-    values = ["x86_64"]
-  }
+module "ami" {
+  source = "../ami"
 
-  filter {
-    name   = "virtualization-type"
-    values = ["hvm"]
-  }
-
-  filter {
-    name   = "owner-id"
-    values = ["${local.ami_owner}"]
-  }
+  region          = "${var.region}"
+  release_channel = "${var.container_linux_channel}"
+  release_version = "${var.container_linux_version}"
 }
 
 resource "aws_autoscaling_group" "masters" {
@@ -61,7 +46,7 @@ resource "aws_autoscaling_group" "masters" {
 
 resource "aws_launch_configuration" "master_conf" {
   instance_type               = "${var.ec2_type}"
-  image_id                    = "${coalesce(var.ec2_ami, data.aws_ami.coreos_ami.image_id)}"
+  image_id                    = "${coalesce(var.ec2_ami, module.ami.id)}"
   name_prefix                 = "${var.cluster_name}-master-"
   key_name                    = "${var.ssh_key}"
   security_groups             = ["${var.master_sg_ids}"]
diff --git a/modules/aws/master-asg/variables.tf b/modules/aws/master-asg/variables.tf
index 35b325a2851..f0b9314fbe3 100644
--- a/modules/aws/master-asg/variables.tf
+++ b/modules/aws/master-asg/variables.tf
@@ -76,6 +76,15 @@ variable "aws_lbs" {
   default     = []
 }
 
+variable "region" {
+  type = "string"
+
+  description = <<EOF
+This is the AWS region.
+It is passed through to the Terraform aws provider: https://www.terraform.io/docs/providers/aws/#region
+EOF
+}
+
 variable "root_volume_iops" {
   type        = "string"
   default     = "100"
diff --git a/modules/aws/worker-asg/variables.tf b/modules/aws/worker-asg/variables.tf
index 9ef40767344..2883de0dfcc 100644
--- a/modules/aws/worker-asg/variables.tf
+++ b/modules/aws/worker-asg/variables.tf
@@ -58,6 +58,15 @@ variable "autoscaling_group_extra_tags" {
   default     = []
 }
 
+variable "region" {
+  type = "string"
+
+  description = <<EOF
+This is the AWS region.
+It is passed through to the Terraform aws provider: https://www.terraform.io/docs/providers/aws/#region
+EOF
+}
+
 variable "root_volume_type" {
   type        = "string"
   description = "The type of volume for the root block device."
diff --git a/modules/aws/worker-asg/worker.tf b/modules/aws/worker-asg/worker.tf
index fa9540db501..ef415a44ae3 100644
--- a/modules/aws/worker-asg/worker.tf
+++ b/modules/aws/worker-asg/worker.tf
@@ -1,33 +1,18 @@
 locals {
-  ami_owner = "595879546273"
-  arn       = "aws"
+  arn = "aws"
 }
 
-data "aws_ami" "coreos_ami" {
-  filter {
-    name   = "name"
-    values = ["CoreOS-${var.container_linux_channel}-${var.container_linux_version}-*"]
-  }
-
-  filter {
-    name   = "architecture"
-    values = ["x86_64"]
-  }
+module "ami" {
+  source = "../ami"
 
-  filter {
-    name   = "virtualization-type"
-    values = ["hvm"]
-  }
-
-  filter {
-    name   = "owner-id"
-    values = ["${local.ami_owner}"]
-  }
+  region          = "${var.region}"
+  release_channel = "${var.container_linux_channel}"
+  release_version = "${var.container_linux_version}"
 }
 
 resource "aws_launch_configuration" "worker_conf" {
   instance_type        = "${var.ec2_type}"
-  image_id             = "${coalesce(var.ec2_ami, data.aws_ami.coreos_ami.image_id)}"
+  image_id             = "${coalesce(var.ec2_ami, module.ami.id)}"
   name_prefix          = "${var.cluster_name}-worker-"
   key_name             = "${var.ssh_key}"
   security_groups      = ["${var.sg_ids}"]
diff --git a/steps/etcd/aws/etcd.tf b/steps/etcd/aws/etcd.tf
index abb355292b0..a5d00792864 100644
--- a/steps/etcd/aws/etcd.tf
+++ b/steps/etcd/aws/etcd.tf
@@ -58,6 +58,7 @@ module "etcd" {
   ec2_type                = "${var.tectonic_aws_etcd_ec2_type}"
   extra_tags              = "${var.tectonic_aws_extra_tags}"
   instance_count          = "${length(data.template_file.etcd_hostname_list.*.id)}"
+  region                  = "${var.tectonic_aws_region}"
   root_volume_iops        = "${var.tectonic_aws_etcd_root_volume_iops}"
   root_volume_size        = "${var.tectonic_aws_etcd_root_volume_size}"
   root_volume_type        = "${var.tectonic_aws_etcd_root_volume_type}"
diff --git a/steps/joining_workers/aws/workers.tf b/steps/joining_workers/aws/workers.tf
index de29ed68004..b391f8bc0c5 100644
--- a/steps/joining_workers/aws/workers.tf
+++ b/steps/joining_workers/aws/workers.tf
@@ -28,6 +28,7 @@ module "workers" {
   extra_tags                   = "${var.tectonic_aws_extra_tags}"
   instance_count               = "${var.tectonic_worker_count}"
   load_balancers               = "${var.tectonic_aws_worker_load_balancers}"
+  region                       = "${var.tectonic_aws_region}"
   root_volume_iops             = "${var.tectonic_aws_worker_root_volume_iops}"
   root_volume_size             = "${var.tectonic_aws_worker_root_volume_size}"
   root_volume_type             = "${var.tectonic_aws_worker_root_volume_type}"
diff --git a/steps/masters/aws/main.tf b/steps/masters/aws/main.tf
index e30bc61f65b..ecd699ca8ad 100644
--- a/steps/masters/aws/main.tf
+++ b/steps/masters/aws/main.tf
@@ -39,6 +39,7 @@ module "masters" {
   master_sg_ids                = "${concat(var.tectonic_aws_master_extra_sg_ids, list(local.sg_id))}"
   private_endpoints            = "${local.private_endpoints}"
   public_endpoints             = "${local.public_endpoints}"
+  region                       = "${var.tectonic_aws_region}"
   root_volume_iops             = "${var.tectonic_aws_master_root_volume_iops}"
   root_volume_size             = "${var.tectonic_aws_master_root_volume_size}"
   root_volume_type             = "${var.tectonic_aws_master_root_volume_type}"