-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathmain.tf
180 lines (157 loc) · 4.41 KB
/
main.tf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
terraform {
required_providers {
aws = {
source = "hashicorp/aws"
version = "~> 5.0"
}
tls = {
source = "hashicorp/tls"
version = "~> 4.0"
}
local = {
source = "hashicorp/local"
version = "~> 2.0"
}
}
required_version = ">= 1.8"
}
provider "aws" {
region = var.aws_region
access_key = var.aws_access_key
secret_key = var.aws_secret_key
token = var.aws_access_token
}
data "aws_vpc" "default" {
default = true
}
# Lookup Ubuntu AMI automatically
data "aws_ami" "ubuntu_ami" {
most_recent = true
owners = ["099720109477"]
filter {
name = "name"
values = [
# "ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-*"
# "ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-*"
# "ubuntu/images/hvm-ssd/ubuntu-bionic-18.04-amd64-server-*"
"ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-*"
]
}
}
# Security Group
resource "aws_security_group" "awx_server_sg" {
name = "awx_server_sg"
description = "Security group for the AWX Server"
vpc_id = data.aws_vpc.default.id
# Inbound rules
ingress {
description = "SSH"
from_port = 22
to_port = 22
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
ingress {
description = "HTTP"
from_port = 80
to_port = 80
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
ingress {
description = "HTTPS"
from_port = 443
to_port = 443
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
# Outbound rules
egress {
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
}
tags = {
Name = "awx_server_sg"
Terraform = "true"
}
}
# Generate a new private key
resource "tls_private_key" "awx_server_tls_private_key" {
algorithm = "RSA"
rsa_bits = 4096
}
# Create an AWS key pair from the generated public key
resource "aws_key_pair" "awx_server_key_pair" {
key_name = "my-generated-key"
public_key = tls_private_key.awx_server_tls_private_key.public_key_openssh
}
# Save that private key into a file on local
resource "local_file" "private_key" {
content = tls_private_key.awx_server_tls_private_key.private_key_pem
filename = "${path.module}/my_awx_private_key.pem"
file_permission = "0400"
}
data "aws_subnets" "subnets" {
filter {
name = "vpc-id"
values = [data.aws_vpc.default.id]
}
}
# Launch the AWX Server
resource "aws_instance" "awx_server" {
subnet_id = data.aws_subnets.subnets.ids[0]
instance_type = var.awx_server_ec2_type
vpc_security_group_ids = [aws_security_group.awx_server_sg.id]
ami = data.aws_ami.ubuntu_ami.id
associate_public_ip_address = true
monitoring = true
root_block_device {
volume_size = 40
volume_type = "gp2"
}
key_name = aws_key_pair.awx_server_key_pair.key_name
user_data = file("${path.module}/userdata.sh")
# 1) Copy the entire awx_setup folder to the instance
provisioner "file" {
source = "${path.module}/awx_setup"
destination = "/home/ubuntu"
connection {
type = "ssh"
host = self.public_ip
user = "ubuntu"
# Use the *private* key from the tls_private_key
private_key = tls_private_key.awx_server_tls_private_key.private_key_pem
}
}
# 2) Remote commands to move files where they belong, fix permissions, enable & start the service
provisioner "remote-exec" {
inline = [
# Making sure the scripts are executable
"sudo chmod u+x /home/ubuntu/awx_setup/install.sh",
"sudo chmod u+x /home/ubuntu/awx_setup/start.sh",
# Run the install script
"/home/ubuntu/awx_setup/install.sh",
# Copy service file to systemd directory
"sudo cp /home/ubuntu/awx_setup/awx-auto.service /etc/systemd/system/awx-auto.service",
"sudo chmod 644 /etc/systemd/system/awx-auto.service",
# Enable the service to run on boot
"sudo systemctl enable awx-auto.service",
# Reload systemd
"sudo systemctl daemon-reload",
# Start the service immediately
"sudo systemctl start awx-auto.service"
]
connection {
type = "ssh"
host = self.public_ip
user = "ubuntu"
private_key = tls_private_key.awx_server_tls_private_key.private_key_pem
}
}
tags = {
Name = "awx_server"
Terraform = "true"
}
}