Build VPC and ETCD cluster

wking · Feb 24, 2017 · e2709ba · e2709ba
1 parent 7e79392
commit e2709ba
Show file tree

Hide file tree

Showing 13 changed files with 249 additions and 0 deletions.
diff --git a/aws/etcd/cloudconfig.tf b/aws/etcd/cloudconfig.tf
@@ -0,0 +1,9 @@
+data "template_file" "userdata" {
+  count    = "${var.node_count}"
+  template = "${file("${path.module}/userdata.yaml")}"
+
+  vars {
+    node_name   = "node-${count.index}.${var.etcd_domain}"
+    etcd_domain = "${var.etcd_domain}"
+  }
+}
diff --git a/aws/etcd/dns.tf b/aws/etcd/dns.tf
@@ -0,0 +1,29 @@
+resource "aws_route53_zone" etcd_zone {
+  vpc_id = "${data.aws_vpc.etcd_vpc.id}"
+  name   = "${var.etcd_domain}"
+}
+
+resource "aws_route53_record" "etcd_srv_discover" {
+  name    = "_etcd-server._tcp"
+  type    = "SRV"
+  zone_id = "${aws_route53_zone.etcd_zone.id}"
+  records = ["${formatlist("0 0 2380 %s", aws_route53_record.etc_a_nodes.*.fqdn)}"]
+  ttl     = "300"
+}
+
+resource "aws_route53_record" "etcd_srv_client" {
+  name    = "_etcd-client._tcp"
+  type    = "SRV"
+  zone_id = "${aws_route53_zone.etcd_zone.id}"
+  records = ["${formatlist("0 0 2379 %s", aws_route53_record.etc_a_nodes.*.fqdn)}"]
+  ttl     = "60"
+}
+
+resource "aws_route53_record" "etc_a_nodes" {
+  count   = "${var.node_count}"
+  type    = "A"
+  ttl     = "60"
+  zone_id = "${aws_route53_zone.etcd_zone.id}"
+  name    = "node-${count.index}"
+  records = ["${aws_instance.etcd_node.*.private_ip[count.index]}"]
+}
diff --git a/aws/etcd/network.tf b/aws/etcd/network.tf
@@ -0,0 +1,39 @@
+data "aws_vpc" "etcd_vpc" {
+  id = "${var.vpc_id}"
+}
+
+data "aws_subnet" "az_subnet" {
+  count  = "${var.node_count}"
+  vpc_id = "${data.aws_vpc.etcd_vpc.id}"
+
+  filter = {
+    name   = "availabilityZone"
+    values = ["${data.aws_availability_zones.zones.names[count.index]}"]
+  }
+}
+
+resource "aws_default_security_group" "default_sec_group" {
+  vpc_id = "${data.aws_vpc.etcd_vpc.id}"
+
+  ingress {
+    protocol  = -1
+    self      = true
+    from_port = 0
+    to_port   = 0
+  }
+
+  ingress {
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+    from_port   = 22
+    to_port     = 22
+  }
+
+  egress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    self        = true
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+}
diff --git a/aws/etcd/nodes.tf b/aws/etcd/nodes.tf
@@ -0,0 +1,38 @@
+data "aws_availability_zones" "zones" {}
+
+data "aws_ami" "coreos_ami" {
+  most_recent = true
+
+  filter {
+    name   = "name"
+    values = ["CoreOS-stable-*"]
+  }
+
+  filter {
+    name   = "architecture"
+    values = ["x86_64"]
+  }
+
+  filter {
+    name   = "virtualization-type"
+    values = ["hvm"]
+  }
+
+  filter {
+    name   = "owner-id"
+    values = ["595879546273"]
+  }
+}
+
+resource "aws_instance" "etcd_node" {
+  count         = "${var.node_count}"
+  ami           = "${data.aws_ami.coreos_ami.id}"
+  instance_type = "t2.medium"
+  subnet_id     = "${data.aws_subnet.az_subnet.*.id[count.index]}"
+  key_name      = "${aws_key_pair.ssh-key.id}"
+  user_data     = "${data.template_file.userdata.*.rendered[count.index]}"
+
+  tags {
+    Name = "node-${count.index}"
+  }
+}
diff --git a/aws/etcd/outputs.tf b/aws/etcd/outputs.tf
@@ -0,0 +1,3 @@
+output "endpoints" {
+  value = "${join(",",formatlist("http://%s:2379",aws_route53_record.etc_a_nodes.*.fqdn))}"
+}
diff --git a/aws/etcd/ssh.tf b/aws/etcd/ssh.tf
@@ -0,0 +1,17 @@
+resource "tls_private_key" "ssh-key-pair" {
+  algorithm = "RSA"
+}
+
+resource "aws_key_pair" "ssh-key" {
+  public_key = "${tls_private_key.ssh-key-pair.public_key_openssh}"
+}
+
+resource "null_resource" "write_ssh_key" {
+  triggers {
+    ssh_key = "aws_key_pair.ssh-key.public_key_openssh"
+  }
+
+  provisioner "local-exec" {
+    command = "echo ${tls_private_key.ssh-key-pair.private_key_pem} > ${path.root}/id_rsa_etcd"
+  }
+}
diff --git a/aws/etcd/userdata.yaml b/aws/etcd/userdata.yaml
@@ -0,0 +1,20 @@
+#cloud-config
+
+hostname: ${node_name}
+
+coreos:
+  update:
+    reboot-strategy: "etcd-lock"
+  etcd2:
+    name: ${node_name}
+    discovery-srv: ${etcd_domain}
+    listen-peer-urls: "http://$private_ipv4:2380"
+    listen-client-urls: "http://0.0.0.0:2379"
+    initial-advertise-peer-urls: "http://${node_name}:2380"
+    advertise-client-urls: "http://${node_name}:2379"
+  units:
+    - name: "etcd.service"
+      enable: false
+    - name: "etcd2.service"
+      enable: false
+      command: start
diff --git a/aws/etcd/variables.tf b/aws/etcd/variables.tf
@@ -0,0 +1,11 @@
+variable "etcd_domain" {
+  type = "string"
+}
+
+variable "node_count" {
+  default = "3"
+}
+
+variable "vpc_id" {
+  type = "string"
+}
diff --git a/aws/tectonic.tf b/aws/tectonic.tf
@@ -0,0 +1,18 @@
+data "aws_availability_zones" "azs" {}
+
+module "vpc" {
+  source          = "./vpc"
+  external_vpc_id = "${var.external_vpc_id}"
+  az_count        = "${var.az_count}"
+}
+
+module "etcd" {
+  source      = "./etcd"
+  vpc_id      = "${module.vpc.cluster_vpc_id}"
+  node_count  = "${var.az_count}"
+  etcd_domain = "${var.etcd_domain}"
+}
+
+output "etcd_endpoints" {
+  value = "${module.etcd.endpoints}"
+}
diff --git a/aws/variables.tf b/aws/variables.tf
@@ -0,0 +1,12 @@
+variable "external_vpc_id" {
+  type = "string"
+}
+
+variable "az_count" {
+  type = "string"
+}
+
+variable "etcd_domain" {
+  type    = "string"
+  default = "etcd.cluster."
+}
diff --git a/aws/vpc/output.tf b/aws/vpc/output.tf
@@ -0,0 +1,3 @@
+output "cluster_vpc_id" {
+  value = "${length(var.external_vpc_id) > 0 ? var.external_vpc_id : aws_vpc.new_vpc.id}"
+}
diff --git a/aws/vpc/variables.tf b/aws/vpc/variables.tf
@@ -0,0 +1,12 @@
+variable "external_vpc_id" {
+  type = "string"
+}
+
+variable "vpc_cid_block" {
+  type    = "string"
+  default = "172.31.0.0/16"
+}
+
+variable "az_count" {
+  type = "string"
+}
diff --git a/aws/vpc/vpc.tf b/aws/vpc/vpc.tf
@@ -0,0 +1,38 @@
+data "aws_availability_zones" "azs" {}
+
+resource "aws_vpc" "new_vpc" {
+  count                = "${length(var.external_vpc_id) > 0 ? 0 : 1}"
+  cidr_block           = "${var.vpc_cid_block}"
+  enable_dns_hostnames = true
+  enable_dns_support   = true
+}
+
+resource "aws_default_route_table" "default" {
+  count                  = "${length(var.external_vpc_id) > 0 ? 0 : 1}"
+  default_route_table_id = "${aws_vpc.new_vpc.default_route_table_id}"
+}
+
+resource "aws_subnet" "az_subnet" {
+  count             = "${length(var.external_vpc_id) > 0 ? 0 : var.az_count}"
+  cidr_block        = "${cidrsubnet(aws_vpc.new_vpc.cidr_block, 8, count.index + 1)}"
+  vpc_id            = "${aws_vpc.new_vpc.id}"
+  availability_zone = "${data.aws_availability_zones.azs.names[count.index]}"
+}
+
+resource "aws_route_table_association" "route_net" {
+  count          = "${length(var.external_vpc_id) > 0 ? 0 : var.az_count}"
+  route_table_id = "${aws_default_route_table.default.id}"
+  subnet_id      = "${aws_subnet.az_subnet.*.id[count.index]}"
+}
+
+resource "aws_internet_gateway" "igw" {
+  count  = "${length(var.external_vpc_id) > 0 ? 0 : 1}"
+  vpc_id = "${aws_vpc.new_vpc.id}"
+}
+
+resource "aws_route" "igw_route" {
+  count                  = "${length(var.external_vpc_id) > 0 ? 0 : 1}"
+  destination_cidr_block = "0.0.0.0/0"
+  route_table_id         = "${aws_default_route_table.default.id}"
+  gateway_id             = "${aws_internet_gateway.igw.id}"
+}