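locals {
  # Create the random deployment id only when the caller did not supply one.
  create_deployment_id = var.deployment_id != "" ? 0 : 1

  # Effective deployment id: the caller's value, or the generated one.
  # random_string.deployment_id exists only when var.deployment_id is empty,
  # which is exactly the branch that reads it (the same pattern the modules
  # below use for their deployment_id input).
  deployment_id = var.deployment_id == "" ? random_string.deployment_id[0].id : var.deployment_id

  # Common tags assigned to all resources. The deployment tag previously
  # interpolated var.deployment_id directly, so it was left as the bare
  # "aap-infrastructure-" whenever the id was generated.
  persistent_tags = {
    purpose     = "automation"
    environment = "ansible-automation-platform"
    deployment  = "aap-infrastructure-${local.deployment_id}"
  }
}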
terraform {
  # Terraform 1.5.4 or newer is needed; terraform_data (used further down)
  # is a 1.4+ built-in.
  required_version = ">= 1.5.4"

  required_providers {
    # aws only carries a lower bound, so a provider upgrade can arrive
    # unpinned; random is held to the 3.6.x series.
    aws = {
      source  = "hashicorp/aws"
      version = ">= 3.15"
    }
    random = {
      source  = "hashicorp/random"
      version = "~> 3.6.0"
    }
  }
}
# AWS provider; the region is the only setting, credentials come from the
# provider's default resolution (environment, profile or instance role).
provider "aws" {
  region = var.aws_region
}
# Generated deployment id, created only when var.deployment_id is empty
# (count is 0 otherwise). With upper, numeric and special disabled the
# result is eight lowercase ASCII letters.
resource "random_string" "deployment_id" {
  count = local.create_deployment_id

  length  = 8
  upper   = false
  numeric = false
  special = false
}
########################################
# VPC
########################################
module "vpc" {
  source = "./modules/vpc"

  # The explicit depends_on looks redundant with the direct reference in
  # deployment_id below; it is kept so ordering stays exactly as before.
  depends_on = [random_string.deployment_id]

  deployment_id   = var.deployment_id == "" ? random_string.deployment_id[0].id : var.deployment_id
  persistent_tags = local.persistent_tags
}
# Eight-letter lowercase suffix shared by every VM name in this deployment
# (the vms modules receive .result).
resource "random_string" "instance_name_suffix" {
  length  = 8
  upper   = false
  numeric = false
  special = false
}
# Default RHEL 9.2 image, used whenever a per-role AMI variable is empty.
# Pinning owners to Red Hat's account is what prevents a look-alike image
# published under the same name pattern from being selected.
# most_recent = true means a newer 9.2 release changes the resolved id.
data "aws_ami" "instance_ami" {
  owners      = ["309956199498"] # Red Hat's account ID
  most_recent = true

  filter {
    name   = "name"
    values = ["RHEL-9.2.*_HVM-*"]
  }
}
# Admin SSH key pair registered from the public key file on disk.
# NOTE(review): key_name is the fixed string "admin-key" rather than
# carrying the deployment id, so two deployments in the same account and
# region would contend for the same key pair name; left unchanged because
# renaming it replaces the key pair.
resource "aws_key_pair" "admin" {
  public_key = file(var.infrastructure_ssh_public_key)
  key_name   = "admin-key"
}
########################################
# RDS Instance
########################################
module "rds" {
  source     = "./modules/rds"
  depends_on = [module.vpc]

  deployment_id = var.deployment_id == "" ? random_string.deployment_id[0].id : var.deployment_id

  # Engine and instance sizing, passed straight through from variables.
  engine_version              = var.infrastructure_db_engine_version
  instance_class              = var.infrastructure_db_instance_class
  multi_az                    = var.infrastructure_db_multi_az
  allocated_storage           = var.infrastructure_db_allocated_storage
  storage_type                = var.infrastructure_db_storage_type
  storage_iops                = var.infrastructure_db_storage_iops
  storage_encrypted           = var.infrastructure_db_storage_encrypted
  allow_major_version_upgrade = var.infrastructure_db_allow_major_version_upgrade
  auto_minor_version_upgrade  = var.infrastructure_db_auto_minor_version_upgrade

  # Subnet group spanning the VPC module's subnets.
  # NOTE(review): the name and Name tag interpolate var.deployment_id
  # directly, unlike deployment_id above, so they read
  # "aap-infrastructure--subnet-group" when the id is generated. Changing
  # the name replaces the subnet group, so it is deliberately left as-is.
  db_sng_name        = "aap-infrastructure-${var.deployment_id}-subnet-group"
  db_sng_description = "Ansible Automation Platform Subnet Group"
  db_sng_subnets     = values(module.vpc.infrastructure_subnets)
  db_sng_tags = merge(
    { Name = "aap-infrastructure-${var.deployment_id}-subnet-group" },
    local.persistent_tags
  )

  # Hard-coded: no final snapshot is taken on destroy, so the data goes with
  # the instance.
  skip_final_snapshot = true

  # Master credentials, passed through from variables.
  username = var.infrastructure_db_username
  password = var.infrastructure_db_password

  vpc_security_group_ids = [module.vpc.infrastructure_sg_id]
  persistent_tags        = local.persistent_tags

  # Presumably lets the module decide whether hub/eda databases are needed;
  # verify against modules/rds.
  infrastructure_hub_count = var.infrastructure_hub_count
  infrastructure_eda_count = var.infrastructure_eda_count
}
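########################################
# Controller VM
########################################
module "controller_vm" {
  source     = "./modules/vms"
  depends_on = [module.vpc]
  count      = var.infrastructure_controller_count

  app_tag              = "controller"
  deployment_id        = var.deployment_id == "" ? random_string.deployment_id[0].id : var.deployment_id
  instance_name_suffix = random_string.instance_name_suffix.result
  vm_name_prefix       = "controller-${count.index + 1}-"

  # Use the looked-up RHEL AMI only when no controller AMI was given. The
  # condition previously tested var.infrastructure_hub_ami, so a controller
  # AMI was ignored unless a hub AMI was also set, and an empty AMI id was
  # passed when only the hub AMI was set.
  instance_ami  = var.infrastructure_controller_ami == "" ? data.aws_ami.instance_ami.id : var.infrastructure_controller_ami
  instance_type = var.infrastructure_controller_instance_type

  vpc_security_group_ids = [module.vpc.infrastructure_sg_id]
  # Subnet slot 0 is used for controllers here (execution 1, hub 2, eda 3);
  # confirm the ordering against modules/vpc.
  subnet_id     = module.vpc.infrastructure_subnets[0]
  key_pair_name = aws_key_pair.admin.key_name

  persistent_tags = local.persistent_tags

  # Credentials handed to the vms module.
  infrastructure_ssh_private_key = var.infrastructure_ssh_private_key
  infrastructure_admin_username  = var.infrastructure_admin_username
  aap_red_hat_username           = var.aap_red_hat_username
  aap_red_hat_password           = var.aap_red_hat_password
}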
########################################
# Hub VM
########################################
module "hub_vm" {
  source     = "./modules/vms"
  depends_on = [module.vpc]
  count      = var.infrastructure_hub_count

  app_tag              = "hub"
  deployment_id        = var.deployment_id == "" ? random_string.deployment_id[0].id : var.deployment_id
  instance_name_suffix = random_string.instance_name_suffix.result
  vm_name_prefix       = "hub-${count.index + 1}-"

  # Fall back to the looked-up RHEL AMI when no hub AMI was given.
  instance_ami  = var.infrastructure_hub_ami == "" ? data.aws_ami.instance_ami.id : var.infrastructure_hub_ami
  instance_type = var.infrastructure_hub_instance_type

  vpc_security_group_ids = [module.vpc.infrastructure_sg_id]
  # Subnet slot 2 is used for hubs (controller 0, execution 1, eda 3);
  # confirm the ordering against modules/vpc.
  subnet_id     = module.vpc.infrastructure_subnets[2]
  key_pair_name = aws_key_pair.admin.key_name

  persistent_tags = local.persistent_tags

  # Credentials handed to the vms module.
  infrastructure_ssh_private_key = var.infrastructure_ssh_private_key
  infrastructure_admin_username  = var.infrastructure_admin_username
  aap_red_hat_username           = var.aap_red_hat_username
  aap_red_hat_password           = var.aap_red_hat_password
}
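########################################
# Execution VM
########################################
module "execution_vm" {
  source     = "./modules/vms"
  depends_on = [module.vpc]
  count      = var.infrastructure_execution_count

  app_tag              = "execution"
  deployment_id        = var.deployment_id == "" ? random_string.deployment_id[0].id : var.deployment_id
  instance_name_suffix = random_string.instance_name_suffix.result
  vm_name_prefix       = "execution-${count.index + 1}-"

  # Use the looked-up RHEL AMI only when no execution AMI was given. The
  # condition previously tested var.infrastructure_hub_ami, so an execution
  # AMI was ignored unless a hub AMI was also set, and an empty AMI id was
  # passed when only the hub AMI was set.
  instance_ami  = var.infrastructure_execution_ami == "" ? data.aws_ami.instance_ami.id : var.infrastructure_execution_ami
  instance_type = var.infrastructure_execution_instance_type

  vpc_security_group_ids = [module.vpc.infrastructure_sg_id]
  # Subnet slot 1 is used for execution nodes (controller 0, hub 2, eda 3);
  # an earlier keyed lookup, index(module.vpc.infrastructure_subnets,
  # "execution"), was left commented out in favour of the positional index.
  subnet_id     = module.vpc.infrastructure_subnets[1]
  key_pair_name = aws_key_pair.admin.key_name

  persistent_tags = local.persistent_tags

  # Credentials handed to the vms module.
  infrastructure_ssh_private_key = var.infrastructure_ssh_private_key
  infrastructure_admin_username  = var.infrastructure_admin_username
  aap_red_hat_username           = var.aap_red_hat_username
  aap_red_hat_password           = var.aap_red_hat_password
}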
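########################################
# Event-Driven Ansible VM
########################################
module "eda_vm" {
  source     = "./modules/vms"
  depends_on = [module.vpc]
  count      = var.infrastructure_eda_count

  app_tag              = "eda"
  deployment_id        = var.deployment_id == "" ? random_string.deployment_id[0].id : var.deployment_id
  instance_name_suffix = random_string.instance_name_suffix.result
  vm_name_prefix       = "eda-${count.index + 1}-"

  # Use the looked-up RHEL AMI only when no EDA AMI was given. The condition
  # previously tested var.infrastructure_hub_ami, so an EDA AMI was ignored
  # unless a hub AMI was also set, and an empty AMI id was passed when only
  # the hub AMI was set.
  instance_ami  = var.infrastructure_eda_ami == "" ? data.aws_ami.instance_ami.id : var.infrastructure_eda_ami
  instance_type = var.infrastructure_eda_instance_type

  vpc_security_group_ids = [module.vpc.infrastructure_sg_id]
  # Subnet slot 3 is used for EDA (controller 0, execution 1, hub 2); an
  # earlier keyed lookup, index(module.vpc.infrastructure_subnets, "eda"),
  # was left commented out in favour of the positional index.
  subnet_id     = module.vpc.infrastructure_subnets[3]
  key_pair_name = aws_key_pair.admin.key_name

  persistent_tags = local.persistent_tags

  # Credentials handed to the vms module.
  infrastructure_ssh_private_key = var.infrastructure_ssh_private_key
  infrastructure_admin_username  = var.infrastructure_admin_username
  aap_red_hat_username           = var.aap_red_hat_username
  aap_red_hat_password           = var.aap_red_hat_password
}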
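# Push the installer inventory and an SSH client config onto each controller
# over SSH. No triggers_replace is set, so the provisioners run only when a
# controller entry is first created; later changes to hosts or credentials do
# not re-render the files.
resource "terraform_data" "inventory" {
  # One entry per controller, keyed by its position in the controller_vm
  # output list (keys "0", "1", … as before), valued by its public IP.
  for_each = { for idx, public_ip in flatten(module.controller_vm[*].vm_public_ip) : idx => public_ip }

  connection {
    type        = "ssh"
    user        = var.infrastructure_admin_username
    host        = each.value
    private_key = file(var.infrastructure_ssh_private_key)
  }

  # Installer inventory. It is rendered with the DB, Red Hat and AAP admin
  # credentials in clear text, so its mode is tightened in remote-exec below.
  provisioner "file" {
    content = templatefile("${path.module}/templates/inventory.j2", {
      aap_controller_hosts          = module.controller_vm[*].vm_private_ip
      aap_ee_hosts                  = module.execution_vm[*].vm_private_ip
      aap_hub_hosts                 = module.hub_vm[*].vm_private_ip
      aap_eda_hosts                 = module.eda_vm[*].vm_private_ip
      aap_eda_allowed_hostnames     = module.eda_vm[*].vm_public_ip
      infrastructure_db_username    = var.infrastructure_db_username
      infrastructure_db_password    = var.infrastructure_db_password
      aap_red_hat_username          = var.aap_red_hat_username
      aap_red_hat_password          = var.aap_red_hat_password
      aap_controller_db_host        = module.rds.infrastructure_controller_rds_hostname
      aap_hub_db_host               = module.rds.infrastructure_hub_rds_hostname
      aap_eda_db_host               = module.rds.infrastructure_eda_rds_hostname
      aap_admin_password            = var.aap_admin_password
      infrastructure_admin_username = var.infrastructure_admin_username
    })
    destination = var.infrastructure_aap_installer_inventory_path
  }

  # SSH client config listing the private IPs of every node, for the admin
  # user; it is copied to root below.
  provisioner "file" {
    content = templatefile("${path.module}/templates/config.j2", {
      aap_controller_hosts          = module.controller_vm[*].vm_private_ip
      aap_ee_hosts                  = module.execution_vm[*].vm_private_ip
      aap_hub_hosts                 = module.hub_vm[*].vm_private_ip
      aap_eda_hosts                 = module.eda_vm[*].vm_private_ip
      infrastructure_admin_username = var.infrastructure_admin_username
    })
    destination = "/home/${var.infrastructure_admin_username}/.ssh/config"
  }

  provisioner "remote-exec" {
    inline = [
      # Uploaded files are created with the transfer's default mode; the
      # inventory holds credentials, so restrict it to the owning user.
      "chmod 0600 ${var.infrastructure_aap_installer_inventory_path}",
      "chmod 0644 /home/${var.infrastructure_admin_username}/.ssh/config",
      # install -D creates /root/.ssh when the image does not ship it and
      # sets owner and mode in one step, where a plain cp would fail on a
      # missing directory and inherit the umask.
      "sudo install -D -m 0600 -o root -g root /home/${var.infrastructure_admin_username}/.ssh/config /root/.ssh/config",
    ]
  }
}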