diff --git a/bootstrap/aws-public/config-default.sh b/bootstrap/aws-public/config-default.sh index 005ef848..c3fb4d2c 100644 --- a/bootstrap/aws-public/config-default.sh +++ b/bootstrap/aws-public/config-default.sh @@ -25,7 +25,7 @@ export TF_VAR_region=${TF_VAR_region:-eu-west-1} export TF_VAR_master_size=${TF_VAR_master_size:-m1.medium} export TF_VAR_slave_size=${TF_VAR_slave_size:-m1.medium} export TF_VAR_slaves=${TF_VAR_slaves:-1} -export TF_VAR_subnet_availability_zone=${TF_VAR_subnet_availability_zone:-eu-west-1a} +export TF_VAR_availability_zones=${TF_VAR_availability_zones:-'eu-west-1a,eu-west-1b,eu-west-1c'} export APOLLO_consul_dc=${APOLLO_consul_dc:-$TF_VAR_region} export APOLLO_mesos_cluster_name=${APOLLO_mesos_cluster_name:-$TF_VAR_region} diff --git a/bootstrap/aws/config-default.sh b/bootstrap/aws/config-default.sh index 3a2f39ac..b86b76df 100644 --- a/bootstrap/aws/config-default.sh +++ b/bootstrap/aws/config-default.sh @@ -19,14 +19,14 @@ export ANSIBLE_SSH_ARGS="-F ${APOLLO_ROOT}/terraform/${APOLLO_PROVIDER}/ssh.conf # so no really needed to export them. Exporting for consitency. export TF_VAR_atlas_artifact_master=${TF_VAR_atlas_artifact_master:-capgemini/apollo-ubuntu-14.04-amd64} export TF_VAR_atlas_artifact_slave=${TF_VAR_atlas_artifact_slave:-capgemini/apollo-ubuntu-14.04-amd64} -export TF_VAR_atlas_artifact_version_master=${TF_VAR_atlas_artifact_version_master:-latest} -export TF_VAR_atlas_artifact_version_slave=${TF_VAR_atlas_artifact_version_slave:-latest} +export TF_VAR_atlas_artifact_version_master=${TF_VAR_atlas_artifact_version_master:-6} +export TF_VAR_atlas_artifact_version_slave=${TF_VAR_atlas_artifact_version_slave:-6} export TF_VAR_region=${TF_VAR_region:-eu-west-1} export TF_VAR_master_size=${TF_VAR_master_size:-m1.medium} export TF_VAR_slave_size=${TF_VAR_slave_size:-m1.medium} export TF_VAR_slaves=${TF_VAR_slaves:-1} -export TF_VAR_subnet_availability_zone=${TF_VAR_subnet_availability_zone:-eu-west-1a} - +export TF_VAR_availability_zones=${TF_VAR_availability_zones:-'eu-west-1a,eu-west-1b,eu-west-1c'} +export TF_VAR_public_subnet_availability_zone=${TF_VAR_public_subnet_availability_zone:-'eu-west-1a'} export APOLLO_consul_dc=${APOLLO_consul_dc:-$TF_VAR_region} export APOLLO_mesos_cluster_name=${APOLLO_mesos_cluster_name:-$TF_VAR_region} diff --git a/bootstrap/aws/util.sh b/bootstrap/aws/util.sh index 6402113c..5dfa8d91 100644 --- a/bootstrap/aws/util.sh +++ b/bootstrap/aws/util.sh @@ -15,7 +15,7 @@ function set_vpn() { ansible_ssh_config() { pushd "${APOLLO_ROOT}/terraform/${APOLLO_PROVIDER}" - export APOLLO_bastion_ip=$(terraform output bastion.ip) + export APOLLO_bastion_ip=$( terraform output bastion.ip ) # Virtual private cloud CIDR IP. ip=$( terraform output vpc_cidr_block.ip ) @@ -27,7 +27,7 @@ ansible_ssh_config() { User ubuntu HostName $APOLLO_bastion_ip ProxyCommand none - IdentityFile $TF_VAR_key_file + IdentityFile $TF_VAR_private_key_file BatchMode yes PasswordAuthentication no UserKnownHostsFile /dev/null @@ -41,7 +41,7 @@ ansible_ssh_config() { ControlPath ~/.ssh/mux-%r@%h:%p ControlPersist 30m User ubuntu - IdentityFile $TF_VAR_key_file + IdentityFile $TF_VAR_private_key_file UserKnownHostsFile /dev/null EOF popd diff --git a/docs/architecture.png b/docs/architecture.png index b4e22836..0385ad2a 100644 Binary files a/docs/architecture.png and b/docs/architecture.png differ diff --git a/terraform/aws-public/elb.tf b/terraform/aws-public/elb.tf index 35b58cc6..ac2675eb 100644 --- a/terraform/aws-public/elb.tf +++ b/terraform/aws-public/elb.tf @@ -1,7 +1,7 @@ resource "aws_elb" "web" { name = "apollo-elb" - subnets = ["${aws_subnet.public.id}"] + subnets = ["${aws_subnet.public.*.id}"] listener { instance_port = 80 diff --git a/terraform/aws-public/mesos-masters.tf b/terraform/aws-public/mesos-masters.tf index d653f9f1..899f97f7 100644 --- a/terraform/aws-public/mesos-masters.tf +++ b/terraform/aws-public/mesos-masters.tf @@ -16,7 +16,7 @@ resource "aws_instance" "mesos-master" { ami = "${replace(atlas_artifact.mesos-master.id, concat(var.region, ":"), "")}" count = "${var.masters}" key_name = "${aws_key_pair.deployer.key_name}" - subnet_id = "${aws_subnet.public.id}" + subnet_id = "${element(aws_subnet.public.*.id, count.index)}" source_dest_check = false security_groups = ["${aws_security_group.default.id}"] tags = { diff --git a/terraform/aws-public/mesos-slaves.tf b/terraform/aws-public/mesos-slaves.tf index abfe7526..bf6c1039 100644 --- a/terraform/aws-public/mesos-slaves.tf +++ b/terraform/aws-public/mesos-slaves.tf @@ -11,7 +11,7 @@ resource "aws_instance" "mesos-slave" { ami = "${replace(atlas_artifact.mesos-master.id, concat(var.region, ":"), "")}" count = "${var.slaves}" key_name = "${aws_key_pair.deployer.key_name}" - subnet_id = "${aws_subnet.public.id}" + subnet_id = "${element(aws_subnet.public.*.id, count.index)}" source_dest_check = false security_groups = ["${aws_security_group.default.id}"] depends_on = ["aws_instance.mesos-master"] diff --git a/terraform/aws-public/public-subnet.tf b/terraform/aws-public/public-subnet.tf index 1f349c77..1fb661bd 100644 --- a/terraform/aws-public/public-subnet.tf +++ b/terraform/aws-public/public-subnet.tf @@ -6,8 +6,9 @@ resource "aws_internet_gateway" "public" { /* Public subnet */ resource "aws_subnet" "public" { vpc_id = "${aws_vpc.default.id}" - availability_zone = "${var.subnet_availability_zone}" - cidr_block = "${var.public_subnet_cidr_block}" + count = "${length(split(",", var.availability_zones))}" + availability_zone = "${element(split(",", var.availability_zones), count.index)}" + cidr_block = "10.0.${count.index}.0/24" map_public_ip_on_launch = true depends_on = ["aws_internet_gateway.public"] tags { @@ -34,6 +35,6 @@ resource "aws_main_route_table_association" "public" { /* Associate the routing table to public subnet */ resource "aws_route_table_association" "public" { - subnet_id = "${aws_subnet.public.id}" + subnet_id = "${element(aws_subnet.public.*.id, count.index)}" route_table_id = "${aws_route_table.public.id}" } diff --git a/terraform/aws-public/variables.tf b/terraform/aws-public/variables.tf index 4d6f0f78..adb5a669 100644 --- a/terraform/aws-public/variables.tf +++ b/terraform/aws-public/variables.tf @@ -28,24 +28,14 @@ variable "region" { default = "eu-west-1" } -variable "availability_zone" { - description = "Availability zone for Apollo." - default = "eu-west-1b" -} - variable "vpc_cidr_block" { description = "Cidr block for the VPC." default = "10.0.0.0/16" } -variable "subnet_availability_zone" { - description = "Availability zone for Apollo subnet." - default = "eu-west-1b" -} - -variable "public_subnet_cidr_block" { - description = "CIDR for public subnet" - default = "10.0.0.0/24" +variable "availability_zones" { + description = "AWS availability zones list separated by ','" + default = "" } variable "slaves" { diff --git a/terraform/aws/bastion-server.tf b/terraform/aws/bastion-server.tf index cdd524ec..476c265e 100644 --- a/terraform/aws/bastion-server.tf +++ b/terraform/aws/bastion-server.tf @@ -1,19 +1,24 @@ +resource "aws_key_pair" "deployer" { + key_name = "${var.key_name}" + public_key = "${file(var.key_file)}" +} + /* NAT/VPN server */ resource "aws_instance" "bastion" { ami = "${lookup(var.amis, var.region)}" instance_type = "t2.micro" subnet_id = "${aws_subnet.public.id}" security_groups = ["${aws_security_group.default.id}", "${aws_security_group.bastion.id}"] - depends_on = ["aws_internet_gateway.public"] - key_name = "${var.key_name}" + depends_on = ["aws_internet_gateway.public", "aws_key_pair.deployer"] + key_name = "${aws_key_pair.deployer.key_name}" source_dest_check = false tags = { Name = "apollo-mesos-bastion" role = "bastion" } connection { - user = "ubuntu" - key_file = "${var.key_file}" + user = "ubuntu" + key_file = "${var.private_key_file}" } provisioner "remote-exec" { inline = [ diff --git a/terraform/aws/mesos-masters.tf b/terraform/aws/mesos-masters.tf index db91f175..e571bb7d 100644 --- a/terraform/aws/mesos-masters.tf +++ b/terraform/aws/mesos-masters.tf @@ -1,7 +1,8 @@ /* Base packer build we use for provisioning master instances */ resource "atlas_artifact" "mesos-master" { - name = "${var.atlas_artifact.master}" - type = "aws.ami" + name = "${var.atlas_artifact.master}" + type = "aws.ami" + version = "${var.atlas_artifact_version.master}" } /* Mesos master instances */ @@ -9,12 +10,11 @@ resource "aws_instance" "mesos-master" { instance_type = "${var.instance_type.master}" ami = "${replace(atlas_artifact.mesos-master.id, concat(var.region, ":"), "")}" count = "${var.masters}" - key_name = "${var.key_name}" + key_name = "${aws_key_pair.deployer.key_name}" source_dest_check = false - subnet_id = "${aws_subnet.private.id}" + subnet_id = "${element(aws_subnet.private.*.id, count.index)}" security_groups = ["${aws_security_group.default.id}"] depends_on = ["aws_instance.bastion", "aws_internet_gateway.public"] - private_ip = "${lookup(var.master_ips, concat("master-", count.index))}" tags = { Name = "apollo-mesos-master-${count.index}" role = "mesos_masters" diff --git a/terraform/aws/mesos-slaves.tf b/terraform/aws/mesos-slaves.tf index c6eeb2ba..463b226a 100644 --- a/terraform/aws/mesos-slaves.tf +++ b/terraform/aws/mesos-slaves.tf @@ -1,17 +1,18 @@ /* Base packer build we use for provisioning slave instances */ resource "atlas_artifact" "mesos-slave" { - name = "${var.atlas_artifact.slave}" - type = "aws.ami" + name = "${var.atlas_artifact.slave}" + type = "aws.ami" + version = "${var.atlas_artifact_version.slave}" } /* Mesos slave instances */ resource "aws_instance" "mesos-slave" { instance_type = "${var.instance_type.slave}" - ami = "${replace(atlas_artifact.mesos-master.id, concat(var.region, ":"), "")}" + ami = "${replace(atlas_artifact.mesos-slave.id, concat(var.region, ":"), "")}" count = "${var.slaves}" - key_name = "${var.key_name}" + key_name = "${aws_key_pair.deployer.key_name}" source_dest_check = false - subnet_id = "${aws_subnet.private.id}" + subnet_id = "${element(aws_subnet.private.*.id, count.index)}" security_groups = ["${aws_security_group.default.id}"] depends_on = ["aws_instance.bastion", "aws_internet_gateway.public", "aws_instance.mesos-master"] tags = { @@ -28,7 +29,7 @@ resource "aws_instance" "mesos-slave" { /* Load balancer */ resource "aws_elb" "app" { name = "apollo-mesos-elb" - subnets = ["${aws_subnet.public.id}"] + subnets = ["${aws_subnet.public.*.id}"] security_groups = ["${aws_security_group.default.id}", "${aws_security_group.web.id}"] listener { diff --git a/terraform/aws/private-subnet.tf b/terraform/aws/private-subnet.tf index 1664bbf2..3f3e5c54 100644 --- a/terraform/aws/private-subnet.tf +++ b/terraform/aws/private-subnet.tf @@ -1,8 +1,9 @@ /* Private subnet */ resource "aws_subnet" "private" { vpc_id = "${aws_vpc.default.id}" - cidr_block = "${var.private_subnet_cidr_block}" - availability_zone = "${var.subnet_availability_zone}" + count = "${length(split(",", var.availability_zones))}" + availability_zone = "${element(split(",", var.availability_zones), count.index)}" + cidr_block = "10.0.${count.index+1}.0/24" map_public_ip_on_launch = false depends_on = ["aws_instance.bastion"] tags { @@ -24,6 +25,7 @@ resource "aws_route_table" "private" { /* Associate the routing table to private subnet */ resource "aws_route_table_association" "private" { - subnet_id = "${aws_subnet.private.id}" + count = "${length(split(",", var.availability_zones))}" + subnet_id = "${element(aws_subnet.private.*.id, count.index)}" route_table_id = "${aws_route_table.private.id}" } diff --git a/terraform/aws/public-subnet.tf b/terraform/aws/public-subnet.tf index 38e70000..f406dbe2 100644 --- a/terraform/aws/public-subnet.tf +++ b/terraform/aws/public-subnet.tf @@ -6,7 +6,7 @@ resource "aws_internet_gateway" "public" { /* Public subnet */ resource "aws_subnet" "public" { vpc_id = "${aws_vpc.default.id}" - availability_zone = "${var.subnet_availability_zone}" + availability_zone = "${var.public_subnet_availability_zone}" cidr_block = "${var.public_subnet_cidr_block}" map_public_ip_on_launch = true depends_on = ["aws_internet_gateway.public"] diff --git a/terraform/aws/variables.tf b/terraform/aws/variables.tf index 5efb72a4..f606a34f 100644 --- a/terraform/aws/variables.tf +++ b/terraform/aws/variables.tf @@ -18,6 +18,11 @@ variable "key_file" { default = "" } +variable "private_key_file" { + description = "The ssh public key for using with the cloud provider." + default = "" +} + variable "atlas_infrastructure" { description = "The Atlas infrastructure project to join." default = "capgemini/infrastructure" @@ -28,9 +33,14 @@ variable "region" { default = "eu-west-1" } -variable "subnet_availability_zone" { - description = "Availability zone for Apollo subnet." - default = "eu-west-1b" +variable "public_subnet_availability_zone" { + description = "Public availability zone." + default = "" +} + +variable "availability_zones" { + description = "AWS availability zones list separated by ','" + default = "" } variable "vpc_cidr_block" { @@ -43,11 +53,6 @@ variable "public_subnet_cidr_block" { default = "10.0.0.0/24" } -variable "private_subnet_cidr_block" { - description = "Cidr block for private Mesos subnet." - default = "10.0.1.0/24" -} - variable "slaves" { description = "The number of slaves." default = "1" @@ -58,14 +63,6 @@ variable "masters" { default = "3" } -variable "master_ips" { - default = { - master-0 = "10.0.1.11" - master-1 = "10.0.1.12" - master-2 = "10.0.1.13" - } -} - variable "slave_block_device" { description = "Block device for OSD." default = { @@ -87,6 +84,13 @@ variable "atlas_artifact" { } } +variable "atlas_artifact_version" { + default = { + master = "6" + slave = "6" + } +} + /* Base Ubuntu 14.04 amis by region */ variable "amis" { description = "Base AMI to launch the instances with"