# Terraform-AWS-Lufi
This Terraform plan creates the resources for an EC2 instance.
## Terraform Variables
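Edit the `vars.tf` file to set the variables as needed. The file then holds `aws_access_key` and `aws_secrete_key`, so keep any copy with real values out of version control.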
| Variable name | Value | Description |
| ------------- | ----- | ----------- |
| `aws_region` | us-east-1 | Set the region |
| `vpc_cidr` | 10.0.0.0/16 | Set the cidr value for the vpc |
| `public_subnet_cidr` | 10.0.2.0/24 | Set the cidr value for the public subnet |
| `user` | ubuntu | Set the EC2 instance user name |
| `public_key` | /home/user_name/.ssh/id_rsa_pub | Set the public key for the EC2 instance, taken from the host machine |
| `private_key` | /home/user_name/.ssh/id_rsa | Set the private key for the EC2 instance, taken from the host machine |
| `aws_access_key` | AWSACCESSKEY | Enter your AWS access key |
| `aws_secrete_key` | AWSSECRETEKEY | Enter your AWS secret key |
| `instance_name` | Lufi_app_instance | Set the name for instance |
| `app_dir` | /var/www/ | Set the application directory, following best practice |
| `lufi_owner` | www-data | Set the application user, following best practice |
| `lufi_group` | www-data | Set the application group, following best practice |
| `contact` | contact.example.com | Contact option (mandatory), where you have to put some way for the users to contact you. |
| `report` | report@example.com | Report option (mandatory): an email address or a URL that lets people report illegal files |
## Usage of terraform plan with lufi deploy script
```sh
git clone https://framagit.org/fiat-tux/hat-softwares/lufi.git
cd lufi/.provision/terraform-aws-lufi
terraform init
terraform plan
terraform apply
```
## Usage of terraform plan with ansible role
- Comment out the `data template` and `user_data` source shown below in the __main.tf__ file
```hcl
locals {
user_data_vars = {
user = var.lufi_owner
group = var.lufi_group
directory = var.app_dir
git_branch = var.project_version
contact_lufi = var.contact
report_lufi = var.report
}
}
```
```hcl
user_data = templatefile("${path.module}/lufi_startup.sh", local.user_data_vars)
```
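- Add the provisioner configuration below to the `aws_instance` resource in the __main.tf__ file. The `local-exec` step exports `ANSIBLE_HOST_KEY_CHECKING=False`, so Ansible does not verify the instance's SSH host key when it connects.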
```hcl
connection {
agent = false
type = "ssh"
host = aws_instance.ec2_instance.public_dns
private_key = "${file(var.private_key)}"
user = "${var.user}"
}
provisioner "remote-exec" {
inline = [
"sudo apt update -y",
"sudo apt install python3.9 -y",
]
}
provisioner "local-exec" {
command = <<EOT
sleep 120 && \
> hosts && \
echo "[Lufi]" | tee -a hosts && \
echo "${aws_instance.ec2_instance.public_ip} ansible_user=${var.user} ansible_ssh_private_key_file=${var.private_key}" | tee -a hosts && \
export ANSIBLE_HOST_KEY_CHECKING=False && \
ansible-playbook -u ${var.user} --private-key ${var.private_key} -i hosts site.yml
EOT
}
```