Commit 27a19cc6 authored by drechsau's avatar drechsau

instance now runnable

parent 27f229f8
resource "aws_cloudwatch_metric_alarm" "drone_deploy_recovery" {
alarm_name = "${var.name}-autorecovery"
namespace = "AWS/EC2"
evaluation_periods = "2"
period = "60"
alarm_description = "This metric auto recovers EC2 instances"
alarm_actions = ["arn:aws:automate:${var.region}:ec2:recover"]
#alarm_actions = ["arn:aws:automate:${substr(element(aws_instance.instance.*.availability_zone, count.index), 0, length(element(aws_instance.instance.*.availability_zone, count.index)) - 1)}:ec2:recover"]
statistic = "Minimum"
comparison_operator = "GreaterThanThreshold"
threshold = "0.0"
metric_name = "StatusCheckFailed_System"
dimensions {
InstanceId = "${aws_instance.drone_deploy_instance.id}"
}
}
terraform {
backend "s3" {
bucket = "geeks-terraform"
key = "drone-deploy/drone/instance/terraform.tfstate"
region = "us-east-2"
#dynamodb_table = "geeks-tf-state"
}
}
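Review bot: The `backend "s3"` block sets neither `encrypt = true` nor a lock table (`dynamodb_table` is commented out), so this stack's state is written without backend-side encryption and two concurrent applies can corrupt it. Terraform state holds resource attributes in plaintext, including the instance's `user_data`, so it should be treated as sensitive. I would add `encrypt = true` and restore `dynamodb_table = "geeks-tf-state"` once that table exists. It is also worth confirming that the `geeks-terraform` bucket blocks public access and has versioning enabled, since neither is visible in this commit.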
data "terraform_remote_state" "vpc" {
backend = "s3"
config {
bucket = "geeks-terraform"
key = "drone-deploy/vpc/terraform.tfstate"
region = "us-east-2"
}
}
resource "aws_eip" "drone_deploy_instance_eip" {
vpc = true
}
resource "aws_eip_association" "eip_drone_deploy_instance_eip" {
instance_id = "${aws_instance.drone_deploy_instance.id}"
allocation_id = "${aws_eip.drone_deploy_instance_eip.id}"
}
data "template_file" "drone_deploy_userdata" {
template = "${file("${path.module}/userdata.sh")}"
}
variable "drone_deploy_instance" {
type = "map"
default = {
ami = "ami-336b4456"
instance_type = "t2.micro"
keyid = "mike-aws"
}
}
resource "aws_instance" "drone_deploy_instance" {
ami = "${var.drone_deploy_instance.["ami"]}"
instance_type = "${var.drone_deploy_instance.["instance_type"]}"
availability_zone = "us-east-2a"
instance_initiated_shutdown_behavior = "stop"
key_name = "${var.drone_deploy_instance.["keyid"]}"
vpc_security_group_ids = ["${aws_security_group.drone_deploy_inbound_sg.id}"]
subnet_id = "${data.terraform_remote_state.vpc.sn-drone-deploy-mgmt-a}"
#associate_public_ip_address = "false"
user_data = "${data.template_file.drone_deploy_userdata.rendered}"
tags {
Name = "${var.name}-instance"
"mike:env" = "prod"
"mike:product" = "drone-deploy"
"mike:owner" = "${var.owner}"
}
}
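Review bot: The `ami = "ami-336b4456"` default pins an image by bare ID with nothing recording its publisher or release, so a reviewer cannot confirm its provenance and the instance keeps launching from an aging image. Consider a `data "aws_ami"` lookup filtered on the publisher's owner account and image name, or at least a comment beside the default stating the source image and the date it was chosen. The default `keyid = "mike-aws"` likewise ties a `prod`-tagged host to one personal key pair. Declaring the key name as a variable with no default would make that choice explicit per environment.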
output "drone_deploy_inbound_sg" {
value = "${aws_security_group.drone_deploy_inbound_sg.id}"
}
# requires some love
# allow global inbound on port 22 to ELB
resource "aws_security_group" "drone_deploy_inbound_sg" {
name = "${var.name}_inbound_sg"
description = "Allow services - Global"
vpc_id = "${data.terraform_remote_state.vpc.the_vpc_id}"
# ping from all
ingress {
from_port = -1
to_port = -1
protocol = "icmp"
cidr_blocks = ["0.0.0.0/0"]
ipv6_cidr_blocks = ["::/0"]
}
# access from home
ingress {
from_port = 22
to_port = 22
protocol = "tcp"
cidr_blocks = ["${var.mikeh-home}", "${var.mikeh-lab}"]
ipv6_cidr_blocks = ["${var.mikeh-home-ipv6}", "${var.mikeh-lab-ipv6}"]
}
# should make the ports a variable
ingress {
from_port = 9000
to_port = 9000
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
ipv6_cidr_blocks = ["::/0"]
}
ingress {
from_port = 2375
to_port = 2376
protocol = "tcp"
cidr_blocks = ["${var.mikeh-home}", "${var.mikeh-lab}"]
ipv6_cidr_blocks = ["${var.mikeh-home-ipv6}", "${var.mikeh-lab-ipv6}"]
}
# and we have outbound access to everything cause I'm k00l
egress {
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
ipv6_cidr_blocks = ["::/0"]
}
tags {
Name = "${var.name}_inbound_sg"
"mike:owner" = "${var.owner}"
"mike:env" = "prod"
"mike:product" = "${var.name}"
}
}
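Review bot: The ingress rule for ports 2375-2376 opens the Docker daemon's plaintext API port (2375) alongside the TLS one, leaving a source-CIDR allowlist as the only control in front of an API that gives root-equivalent control of the host. If remote Docker access is needed, narrow the rule to `from_port = 2376` with the daemon configured for mutual TLS, or drop the rule and tunnel over the existing SSH rule. The userdata in this commit does not appear to enable a TCP listener, so the rule may simply be unused. Separately, port 9000 and all ICMP are open to `0.0.0.0/0` and `::/0` on a group tagged `prod`. The header comment `# allow global inbound on port 22 to ELB` also no longer matches the rules, since port 22 is limited to the home and lab ranges and no ELB is visible here; I would replace it with a comment naming the service behind each open port.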
../../terraform.tfvars
\ No newline at end of file
#!/bin/bash -v
##### HACKERY INCOMING
# cause .. things can take a bit for aptitude
sleep 90
# this already runs as root
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
# update repositories for any updates for Docker
apt-get update
# output policy status in log
apt-cache policy docker-ce
# install, and output status in log
apt-get install -y docker-ce
systemctl status docker
# avoid constant sudo
usermod -aG docker ubuntu
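Review bot: The Docker signing key on the `curl ... | sudo apt-key add -` line is trusted as soon as it downloads, with no fingerprint check, and `apt-key add` puts it in the global keyring, where it can vouch for packages from every configured repository and not only Docker's. The script also lacks `set -euo pipefail`, so a failed key import or `apt-get update` still falls through to `apt-get install -y docker-ce`, and `sleep 90` is a guess rather than a wait on the apt lock. I would store the key in a dedicated keyring, compare its fingerprint with the value Docker publishes, and scope the repository to that keyring with `signed-by`, as sketched below (assuming the AMI's apt and gpg are recent enough for `signed-by` and `--show-keys`). Separately, `usermod -aG docker ubuntu` makes the `ubuntu` account root-equivalent, which deserves a comment saying so.

```shell
set -euo pipefail
# … unchanged: wait for first-boot apt activity …
install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
# Abort unless the key matches the fingerprint published by Docker (placeholder below).
gpg --show-keys --with-fingerprint /etc/apt/keyrings/docker.asc | grep -F "<EXPECTED_DOCKER_KEY_FINGERPRINT>"
echo "deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" > /etc/apt/sources.list.d/docker.list
# … unchanged: apt-get update, policy output, install, usermod …
```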
../../variables.tf
\ No newline at end of file