aws-terraform

Terraform aws RHEL 7.7 and CentOS 7.7 latest in any region with disk - LVM

View the Project on GitHub dwaiba/aws-terraform

Table of Contents (AWS RHEL77/centos77 with disks farm with Terraform in any region)

  1. AWS user-data with Terraform - RHEL 7.7 and CentOS 7.7 in all regions with disk and with tools
  2. Login
  3. Terraform graph
  4. Automatic provisioning
  5. Via Ansible terraform module
  6. Create a HA k8s Cluster as IAAS
  7. Reporting bugs
  8. Patches and pull requests
  9. License
  10. Code of conduct

AWS user-data with Terraform - RHEL 7.7 and CentOS 7.7 in all regions with disk and with tools

  1. Download and Install Terraform
  2. Create a new key pair via the EC2 console for your account and region (us-east-2 default) and use the corresponding Key pair name value in the console for the key_name value in variable.tf when performing terraform plan -out "run.plan". Please keep your private pem file handy and note the path.
  3. Collect your AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY="<< >>"

You can generate new ones from your EC2 console via the url for your <<account_user>> - https://console.aws.amazon.com/iam/home?region=us-east-2#/users/<<account_user>>?section=security_credentials.

  4. Please add an ingress rule allowing port 22 over TCP in the default VPC of the region, from the EC2 console for that region (us-east-2, or any other region that you explicitly pass as a parameter), so that remote-exec can run agentless over ssh from the local project to the target server.
  5. git clone https://github.com/dwaiba/aws-terraform && cd aws-terraform && terraform init && terraform plan -out "run.plan" && terraform apply "run.plan".

Post provisioning, curl http://169.254.169.254/latest/user-data|sudo sh is run automatically via terraform remote-exec. It executes the contents of the prep-centos7.txt shell-script file of this repo, which is made available as user-data. Types other than shell-script, including direct cloud-init commands, may be passed as multipart in the user-data via terraform remote-exec.
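The same step with the download separated from execution, as an added example that is not code from this repository: it fetches user-data with an IMDSv2 session token, compares its SHA-256 with a digest you supply, and runs it as root only on a match. The function names and the digest argument are assumptions of the example, and it assumes the user-data is byte-for-byte the prep-centos7.txt you reviewed.

```shell
#!/bin/sh
# Added example: fetch user-data to a file, verify it, then run it.
IMDS=http://169.254.169.254/latest

# Fetch user-data into the file named by $1 using an IMDSv2 session token.
fetch_user_data() {
    token=$(curl -sf -X PUT "$IMDS/api/token" \
        -H 'X-aws-ec2-metadata-token-ttl-seconds: 60') || return 1
    curl -sf -H "X-aws-ec2-metadata-token: $token" \
        "$IMDS/user-data" -o "$1"
}

# Print the SHA-256 hex digest of file $1.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# Return 0 only if file $1 is non-empty and has digest $2 (assumed to be
# the digest of the reviewed prep-centos7.txt, computed on the workstation).
matches_digest() {
    [ -s "$1" ] && [ "$(sha256_of "$1")" = "$2" ]
}

# Fetch, verify, and only then execute as root. $1 is the expected digest.
run_verified_user_data() {
    expected=$1
    tmp=$(mktemp) || return 1
    if fetch_user_data "$tmp" && matches_digest "$tmp" "$expected"; then
        sudo sh "$tmp"
        rc=$?
    else
        echo "user-data missing or digest mismatch; not executed" >&2
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}
```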

  6. To destroy: terraform destroy

AWS RHEL 7.7 AMIs per region are as per the following command (Red Hat Soln. #15356):

aws ec2 describe-images --owners 309956199498 --query 'Images[*].[CreationDate,Name,ImageId]' --filters "Name=name,Values=RHEL-7.7?*GA*" --region <<region-name>> --output table | sort -r

AWS CentOS 7.7 AMIs per region are as per:

aws ec2 describe-images --query 'Images[*].[CreationDate,Name,ImageId]' --filters "Name=name,Values=CentOS*7.7*" --region <<region-name>> --output table| sort -r

The AWS CentOS AMIs per region used in the map are as per the maintained CentOS Wiki.

Login

As per the Output instructions for each DNS output.

chmod 400 <<your private pem file>>.pem && ssh -i <<your private pem file>>.pem <<ec2-user or centos as per distro>>@<<public address>>

Terraform Graph

Please generate dot format (Graphviz) terraform configuration graphs for visual representation of the repo.

terraform graph | dot -Tsvg > graph.svg

Also, one can use Blast Radius on a live, initialized terraform project to view the graph. Please run it in dockerized format:

docker ps -a|grep blast-radius|awk '{print $1}'|xargs -r docker kill && rm -rf aws-terraform && git clone https://github.com/dwaiba/aws-terraform && cd aws-terraform && terraform init && docker run --cap-add=SYS_ADMIN -dit --rm -p 5002:5000 -v "$(pwd)":/workdir:ro 28mm/blast-radius && cd ../

A live example is here for this project.

Automatic Provisioning

https://github.com/dwaiba/aws-terraform

Pre-req:

  1. private pem file per region available locally and has chmod 400
  2. AWS Access key ID, Secret Access key should be available for aws account.

You can generate new ones from your EC2 console via the url for your <<account_user>> - https://console.aws.amazon.com/iam/home?region=us-east-2#/users/<<account_user>>?section=security_credentials.

  3. Port 22 should be open for the Default Security group for the respective regions.

Plan:

terraform init && terraform plan -var aws_access_key=<<your AWS_ACCESS_KEY_ID>> -var aws_secret_key=<<Your AWS_SECRET_ACCESS_KEY>> -var count_vms=3 -var disk_sizegb=50 -var distro=<<rhel77 or centos77>> -var key_name=testdwai -var private_key_path=/data/testdwai.pem -var region=us-east-2 -var tag_prefix=toolsrhel77 -out "run.plan"

Apply:

terraform apply "run.plan"

Destroy:

terraform destroy -var aws_access_key=<<your AWS_ACCESS_KEY_ID>> -var aws_secret_key=<<Your AWS_SECRET_ACCESS_KEY>> -var count_vms=3 -var disk_sizegb=50 -var distro=<<rhel77 or centos77>> -var key_name=testdwai -var private_key_path=/data/testdwai.pem -var region=us-east-2 -var tag_prefix=toolsrhel77
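The Plan, Apply and Destroy commands above pass the AWS keys as -var arguments. The following added example (not part of this repository) runs the same steps with the keys supplied through Terraform's TF_VAR_ environment variables instead; the function names load_aws_keys, argv_is_clean and tf_step are assumptions of the example.

```shell
#!/bin/sh
# Added example, not part of this repository.
# Terraform takes TF_VAR_<name> from the environment as the value of input
# variable <name>; aws_access_key and aws_secret_key are the names used above.

# Prompt for both keys (secret key with terminal echo off) and export them.
load_aws_keys() {
    printf 'AWS_ACCESS_KEY_ID: ' >&2
    IFS= read -r TF_VAR_aws_access_key
    printf 'AWS_SECRET_ACCESS_KEY: ' >&2
    stty -echo
    IFS= read -r TF_VAR_aws_secret_key
    stty echo
    echo >&2
    export TF_VAR_aws_access_key TF_VAR_aws_secret_key
}

# Return 1 if any argument would put a key on the command line, where it
# shows up in `ps` output and is saved to shell history.
argv_is_clean() {
    for arg in "$@"; do
        case $arg in
            *aws_access_key=*|*aws_secret_key=*) return 1 ;;
        esac
    done
    return 0
}

# Run one step (plan, apply or destroy) with non-secret -var arguments only.
# The subshell's umask 077 makes run.plan readable by this user alone: a saved
# plan file records the variable values it was created with, keys included.
tf_step() {
    step=$1; shift
    argv_is_clean "$@" || { echo "refusing: key passed as argument" >&2; return 2; }
    [ -n "${TF_VAR_aws_secret_key:-}" ] || { echo "keys not loaded" >&2; return 3; }
    case $step in
        plan)    ( umask 077; terraform plan "$@" -out run.plan ) ;;
        apply)   terraform apply run.plan ;;
        destroy) terraform destroy "$@" ;;
        *)       echo "unknown step: $step" >&2; return 64 ;;
    esac
}

# Usage, with the sample values from the commands above:
#   load_aws_keys
#   tf_step plan -var count_vms=3 -var disk_sizegb=50 -var distro=rhel77 \
#     -var key_name=testdwai -var private_key_path=/data/testdwai.pem \
#     -var region=us-east-2 -var tag_prefix=toolsrhel77
#   tf_step apply
```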

Via Ansible terraform module

Ansible now has a terraform module, and a playbook yml file is included in this repository with a sample inventory with localhost.

  1. Clone this repository in the ansible box as cd /data && git clone https://github.com/dwaiba/aws-terraform.

  2. Collect your AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY="<< >>"

  3. Change the variables as required in aws-terraform_playbook.yml.

  4. Kick off with ansible-playbook -i inventory aws-terraform_playbook.yml.

  5. To destroy, set the state variable in aws-terraform_playbook.yml to absent.

Create a HA k8s Cluster as IAAS

One can create a Fully HA k8s Cluster using k3sup

curl -sLSf https://get.k3sup.dev | sh && sudo install k3sup /usr/local/bin/

One can now use k3sup

  1. Obtain the Public IPs for the running instances with aws ec2 describe-instances, or obtain just the Public IPs with aws ec2 describe-instances --query "Reservations[*].Instances[*].PublicIpAddress" --output=text

  2. One can use k3sup to create a cluster with the first IP as master:

k3sup install --cluster --ip <<Any of the Public IPs>> --user <<ec2-user or centos as per distro>> --ssh-key <<the location of the aws private key like ~/aws-terraform/yourpemkey.pem>>

  3. One can also join another IP as master or node. For master:

k3sup join --server --ip <<Any of the other Public IPs>> --user <<ec2-user or centos as per distro>> --ssh-key <<the location of the aws private key like ~/aws-terraform/yourpemkey.pem>> --server-ip <<The Server Public IP>>

or also as normal node:

k3sup join --ip <<Any of the other Public IPs>> --user <<ec2-user or centos as per distro>> --ssh-key <<the location of the aws private key like ~/aws-terraform/yourpemkey.pem>> --server-ip <<The Server Public IP>> 

Reporting bugs

Please report bugs by opening an issue in the GitHub Issue Tracker. Bugs have auto template defined. Please view it here

Patches and pull requests

Patches can be submitted as GitHub pull requests. If using GitHub please make sure your branch applies to the current master as a ‘fast forward’ merge (i.e. without creating a merge commit). Use the git rebase command to update your branch to the current master if necessary.

License

Code of Conduct