author | Christopher Baines <mail@cbaines.net> | 2019-05-24 16:03:40 +0100 |
---|---|---|
committer | Christopher Baines <mail@cbaines.net> | 2019-05-24 16:03:40 +0100 |
commit | 2b784c267f8688111ed3f745454e349500f426bc (patch) | |
tree | 71da95b6d23a4c62e6e12953d8f9af8a45f7481a /terraform/aws_using_ami/mini_environment/main.tf | |
parent | f8fabe092138d4513a139b9f9a0f4aaccacd81b0 (diff) | |
WIPami-backend
Diffstat (limited to 'terraform/aws_using_ami/mini_environment/main.tf')
-rw-r--r-- | terraform/aws_using_ami/mini_environment/main.tf | 164 |
1 files changed, 164 insertions, 0 deletions
diff --git a/terraform/aws_using_ami/mini_environment/main.tf b/terraform/aws_using_ami/mini_environment/main.tf
new file mode 100644
index 0000000..40a8148
--- /dev/null
+++ b/terraform/aws_using_ami/mini_environment/main.tf
@@ -0,0 +1,164 @@
+terraform {
+ backend "http" {}
+}
+
+variable "slug" {
+ type = "string"
+}
+
+variable "aws_access_key" {
+ type = "string"
+}
+
+variable "aws_secret_key" {
+ type = "string"
+}
+
+variable "aws_region" {
+ type = "string"
+}
+
+variable "aws_route_53_zone_id" {
+ type = "string"
+}
+
+variable "start_command" {
+ type = "string"
+}
+
+variable "backend_remote_state_address" {
+ type = "string"
+}
+
+variable "backend_remote_state_username" {
+ type = "string"
+}
+
+variable "backend_remote_state_password" {
+ type = "string"
+}
+
+variable "ssh_private_key" {
+ type = "string"
+}
+
+provider "aws" {
+ access_key = "${var.aws_access_key}"
+ secret_key = "${var.aws_secret_key}"
+ region = "${var.aws_region}"
+}
+
+
+data "terraform_remote_state" "backend" {
+ backend = "http"
+ config {
+ address = "${var.backend_remote_state_address}"
+ username = "${var.backend_remote_state_username}"
+ password = "${var.backend_remote_state_password}"
+ }
+}
+
+data "aws_route53_zone" "main" {
+ zone_id = "${var.aws_route_53_zone_id}"
+}
+
+data "template_file" "govuk_service" {
+ template = "${file("${path.module}/govuk.service.tpl")}"
+
+ vars {
+ start_command = "${var.start_command}"
+ }
+}
+
+
+resource "aws_spot_instance_request" "main" {
+ ami = "ami-8fd760f6"
+ instance_type = "t2.xlarge"
+ key_name = "${data.terraform_remote_state.backend.deployer_key_pair_name}"
+ security_groups = [
+ "${data.terraform_remote_state.backend.guix_client_security_group_name}",
+ "${data.terraform_remote_state.backend.public_webserver_security_group_name}",
+ "${data.terraform_remote_state.backend.ssh_access_from_mini_environment_admin_security_group_name}"
+ ]
+
+ wait_for_fulfillment = true
+ spot_price = "0.21"
+ spot_type = "one-time"
+
+ root_block_device {
+ volume_size = "150"
+ }
+
+ provisioner "file" {
+ content = "${data.template_file.govuk_service.rendered}"
+ destination = "/home/ubuntu/govuk.service"
+
+ connection {
+ type = "ssh"
+ user = "ubuntu"
+ private_key = "${var.ssh_private_key}"
+ }
+ }
+
+ provisioner "remote-exec" {
+ inline = [
+ "sudo apt-get update",
+ "sudo apt-get update",
+ "sudo apt-get -y install nfs-common cachefilesd",
+ "sudo tune2fs -o user_xattr /dev/xvda1",
+ "sudo sed 's/#RUN/RUN/' -i /etc/default/cachefilesd",
+ "sudo mkdir -p /gnu/store",
+ "sudo mount -t nfs4 -o ro,nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,actimeo=600,fsc,nocto,retrans=2 ${data.terraform_remote_state.backend.efs_file_system_dns_name}:gnu/store /gnu/store",
+ "sudo mkdir -p /var/guix",
+ "sudo mount -t nfs4 -o nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2 ${data.terraform_remote_state.backend.efs_file_system_dns_name}:var/guix /var/guix",
+ "echo \"export GUIX_DAEMON_SOCKET=guix://${data.terraform_remote_state.backend.guix_daemon_private_dns}\" | sudo tee /etc/profile.d/guix-daemon-socket.sh",
+ #"sudo systemctl restart cachefilesd",
+ "sudo iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080",
+ "sudo iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 443 -j REDIRECT --to-port 8443",
+ "sudo iptables -A OUTPUT -t nat -o lo -p tcp --dport 80 -j REDIRECT --to-port 8080",
+ "sudo iptables -A OUTPUT -t nat -o lo -p tcp --dport 443 -j REDIRECT --to-port 8443",
+ "sudo mkdir -p /var/cache/govuk-mini-environment-admin /var/lib/govuk-mini-environment-admin /var/log/govuk-mini-environment-admin",
+ "sudo mv /home/ubuntu/govuk.service /etc/systemd/system/govuk.service",
+ "sudo systemctl daemon-reload",
+ "sudo systemctl enable govuk.service",
+ "sudo systemctl start govuk.service"
+ ]
+
+ connection {
+ type = "ssh"
+ user = "ubuntu"
+ private_key = "${var.ssh_private_key}"
+ }
+ }
+}
+
+resource "aws_route53_record" "main" {
+ zone_id = "${data.aws_route53_zone.main.zone_id}"
+ name = "${var.slug}"
+ type = "A"
+ ttl = "60"
+ records = ["${aws_spot_instance_request.main.public_ip}"]
+}
+
+resource "aws_route53_record" "wildcard" {
+ zone_id = "${data.aws_route53_zone.main.zone_id}"
+ name = "*.${var.slug}"
+ type = "A"
+ ttl = "60"
+ records = ["${aws_spot_instance_request.main.public_ip}"]
+}
+
+# Outputs
+
+output "spot_bid_status" {
+ value = "${aws_spot_instance_request.main.spot_bid_status}"
+}
+
+output "spot_request_status" {
+ value = "${aws_spot_instance_request.main.spot_request_state}"
+}
+
+output "mini_environment_up" {
+ value = "${aws_spot_instance_request.main.spot_bid_status == "fulfilled"}"
+}
+
|
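Review bot: The three secrets taken as plain string variables (`aws_secret_key`, `backend_remote_state_password`, `ssh_private_key`) are interpolated directly into the `provider "aws"` block, the `terraform_remote_state` config and both `connection` blocks, so they travel through var files and command lines and, at least for the remote-state config, are likely written into the state held by the http backend. The provider can read its credentials from the caller's environment instead, leaving `provider "aws" { region = "${var.aws_region}" }`, and the provisioners can use `agent = true` in place of `private_key`. Separately, `ami = "ami-8fd760f6"` is hard-coded while the region is a variable. AMI IDs are region-scoped and the bare ID records nothing about who owns the image, so an `aws_ami` data source with an `owners` filter would both follow `aws_region` and pin the image's provenance before the `sudo` provisioning commands run on it. If the ID is kept, a comment such as `# Ubuntu <release> image, owner <account-id>, region <region>` next to it would let a reviewer verify what is being booted.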