From 700b8b0a112fa976b9850418a7f0c71d95b6dd79 Mon Sep 17 00:00:00 2001 From: Christopher Baines Date: Tue, 6 Feb 2018 23:32:48 +0000 Subject: AWS related tweaks --- terraform/aws/mini_environment.tf | 33 +++++++++++++++++++----- terraform/aws/mini_environment/govuk.service.tpl | 4 +-- 2 files changed, 29 insertions(+), 8 deletions(-) (limited to 'terraform') diff --git a/terraform/aws/mini_environment.tf b/terraform/aws/mini_environment.tf index 56c8a3c..ddaefd0 100644 --- a/terraform/aws/mini_environment.tf +++ b/terraform/aws/mini_environment.tf @@ -6,14 +6,21 @@ variable "slug" { type = "string" } +variable "aws_region" { + type = "string" +} + +variable "ssh_public_key" { + type = "string" +} + provider "aws" { - region = "eu-west-1" + region = "${var.aws_region}" } resource "aws_key_pair" "deployer" { - key_name = "deployer" - public_key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCwICJ0eU/M+373AwzuvFtr+xCQdIQfK8CgbroCVMR2nezt/M+I8TIHtY9eb7M7J9Wnpgo+ObVbEmLXZeyzjme4BVBEBCUfKnkxmysqQFCb3NM96rLz509HFsKx/evo8Y+oazuW2L3vnLEKkqXq8jhL2YhlRWZwdNoEBa5N6Lsk/C4zwElAJKRkUDURLZcaNQOiTBtXh4lviX6Fj8rXjRgw/rZZ/fkWkLhP0RuS9V6Pw+f58sgFPkw19ZXj0LZNGHxeeCnyU7Ll0WlZa3WkDwbhNDvHJy6ZcIYZYHJicRKfbeCgBS7KRJvAlnW88au2wbU9t02H9INJyI5Mwua23X9v7tPvFLIFUOHIL5oCJEFYO4iM3lHTwrAov3UQ4/hsV/EVL1rQ1htDMt0QoXxQnJH0u7ThssGi1shJb34/F828lj1qPE4vjvoEyOLZs/pUwXbKHnKevQyiU159J/41shp7HNYh0d6eAeyFSnyvdfhvzx2TdKII0LaXdIgA3BYhN+j4ljNuN1BLEllJNb3u2L8FyyV/PA53k9XE8RdVU3JpE2m1u/49sgYiboruQzzQqelyuvBnajf/4q5wMQrJ8lf4PXp/oTwcvolJ/qiQ5qkfCx7sZojgLZlz1ReqsGAubEpZydme1Ujm5SGVkSSHC/Kx4sDADetJ3k6b1s4Y6w6cfw== chris@giedi" + public_key = "${var.ssh_public_key}" } data "aws_security_group" "guix-client" { @@ -28,8 +35,12 @@ data "aws_route53_zone" "main" { zone_id = "ZD004G8DN6AQZ" } +data "aws_efs_file_system" "main" { + file_system_id = "fs-81e05e48" +} + data "template_file" "govuk_service" { - template = "file(example/govuk.service.tpl)" + template = "${file("${path.module}/mini_environment/govuk.service.tpl")}" vars { guix_daemon_socket = "guix://${data.aws_instance.guix-daemon.private_dns}", @@ -69,9 +80,9 @@ resource "aws_spot_instance_request" "example" { "sudo tune2fs -o user_xattr /dev/xvda1", "sudo sed 's/#RUN/RUN/' -i /etc/default/cachefilesd", "sudo mkdir -p /gnu/store", - "sudo mount -t nfs4 -o ro,nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,actimeo=600,fsc,nocto,retrans=2 fs-81e05e48.efs.eu-west-1.amazonaws.com:gnu/store /gnu/store", + "sudo mount -t nfs4 -o ro,nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,actimeo=600,fsc,nocto,retrans=2 ${data.aws_efs_file_system.main.dns_name}:gnu/store /gnu/store", "sudo mkdir -p /var/guix", - "sudo mount -t nfs4 -o nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2 fs-81e05e48.efs.eu-west-1.amazonaws.com:var/guix /var/guix", + "sudo mount -t nfs4 -o nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2 ${data.aws_efs_file_system.main.dns_name}:var/guix /var/guix", "echo \"export GUIX_DAEMON_SOCKET=guix://${data.aws_instance.guix-daemon.private_dns}\" | sudo tee /etc/profile.d/guix-daemon-socket.sh", #"sudo systemctl restart cachefilesd", "sudo mv /home/ubuntu/govuk.service /etc/systemd/system/govuk.service", @@ -102,3 +113,13 @@ resource "aws_route53_record" "example_wildcard" { ttl = "60" records = ["${aws_spot_instance_request.example.public_ip}"] } + +# Outputs + +output "spot_bid_status" { + value = "${aws_spot_instance_request.example.spot_bid_status}" +} + +output "spot_request_status" { + value = "${aws_spot_instance_request.example.spot_request_state}" +} diff --git a/terraform/aws/mini_environment/govuk.service.tpl b/terraform/aws/mini_environment/govuk.service.tpl index 52b4b56..750ddaf 100644 --- a/terraform/aws/mini_environment/govuk.service.tpl +++ b/terraform/aws/mini_environment/govuk.service.tpl @@ -4,9 +4,9 @@ After=network.target [Service] Type=simple -User=ubuntu +User=root WorkingDirectory=/home/ubuntu -Environment="GUIX_DAEMON_SOCKET=guix://${guix_daemon_socket}" +Environment="GUIX_DAEMON_SOCKET=${guix_daemon_socket}" ExecStart=/var/guix/profiles/per-user/ubuntu/guix-profile/bin/govuk system start --rails-environment=production --app-domain=${app_domain} --web-domain=${web_domain} --use-high-ports=false --use-https=certbot --fallback [Install] -- cgit v1.2.3