Deploy Docker Build Server using Terraform

2020年03月25日

-
In AWS SSM, create a parameter of type SecureString and give it a name. Its value will be used as the password of the local user you specify.

Deploy Docker server
$ curl -O https://releases.hashicorp.com/terraform/0.12.24/terraform_0.12.24_linux_amd64.zip

$ sudo unzip terraform_0.12.24_linux_amd64.zip -d /usr/local/bin

$ mkdir tf
$ cd tf

$ mkdir AWS
$ cd AWS/

$ mkdir -p compute
$ touch compute/{main.tf,variables.tf,userdata.tpl}

$ touch compute/
$ touch {main.tf,variables.tf}

$ vim main.tf

# AWS provider; the region is supplied by the root "aws_region" variable
# (set in terraform.tfvars).
provider "aws" {
  region = var.aws_region
}

# Deploy Compute Resources

# Child module holding the EC2 resources; the three inputs below map onto
# compute/variables.tf.
module "compute" {
  source = "./compute"

  instance_type  = var.server_instance_type
  instance_count = var.instance_count
  key_name       = var.key_name
}

$ vim variables.tf
# First cut of the root variables. main.tf also references key_name,
# server_instance_type and instance_count; those are declared in the
# expanded variables.tf further down the page.
variable "aws_region" {}
variable "project_name" {}

$ vim terraform.tfvars
# Root input values (terraform.tfvars).
aws_region = "us-west-2"
project_name = "la-terrafrom"
# vpc_cidr, public_cidrs and accessip have no matching "variable" block in
# the variables.tf shown on this page; Terraform 0.12 warns about values
# for undeclared variables and does not use them.
vpc_cidr = "10.0.0.0/16"
public_cidrs = [
    "10.0.0.0/24",
    "10.0.1.0/24"
    ]
# 0.0.0.0/0 admits the whole internet. If this value is ever used as an SSH
# ingress CIDR, narrow it to known source addresses: the user data below
# turns on password SSH logins for the instance.
accessip = "0.0.0.0/0"
# Redacted placeholder for the name of an existing EC2 key pair.
key_name = "***"
server_instance_type = "t3a.small"
instance_count = 1

$ vim variables.tf
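# Root input variables; values come from terraform.tfvars.
variable "aws_region" {
  description = "AWS region to deploy into."
  type        = string
}

variable "project_name" {
  description = "Project name (not referenced by the configuration shown on this page)."
  type        = string
}

variable "key_name" {
  description = "Name of an existing EC2 key pair used for SSH access to the server."
  type        = string
}

variable "server_instance_type" {
  description = "EC2 instance type for the Docker build server."
  type        = string
}

variable "instance_count" {
  description = "Number of build server instances to create."
  type        = number
  default     = 1
}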

$ cd compute/

$ vim main.tf
#---compute/main.tf

# Latest CentOS 7 HVM/EBS/ENA image published under the AWS Marketplace
# owner account. Because most_recent is set, a later apply may resolve to a
# newer AMI id and replace the instance.
data "aws_ami" "server_ami" {
  owners      = ["679593333241"]
  most_recent = true

  filter {
    name   = "name"
    values = ["CentOS Linux 7 x86_64 HVM EBS ENA *"]
  }

  filter {
    name   = "owner-alias"
    values = ["aws-marketplace"]
  }

  filter {
    name   = "root-device-type"
    values = ["ebs"]
  }

  filter {
    name   = "virtualization-type"
    values = ["hvm"]
  }
}

# Render userdata.tpl from this module's directory. template_file applies
# Terraform's own "${...}" interpolation to the file, so any shell
# expansion in the template must be written as "$${name}" (or braceless
# "$name") to reach the instance intact.
data "template_file" "user-init" {
  template = file("${path.module}/userdata.tpl")
}

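# Docker build server instance(s), bootstrapped by userdata.tpl.
resource "aws_instance" "tf_server" {
  count         = var.instance_count
  instance_type = var.instance_type
  ami           = data.aws_ami.server_ami.id

  # Use the key pair the root module passes in instead of a hard-coded name,
  # otherwise the key_name input declared in compute/variables.tf is ignored.
  key_name = var.key_name

  # Redacted placeholders; both must exist in the target VPC.
  vpc_security_group_ids = ["sg-***", "sg-***"]
  subnet_id              = "subnet-***"

  # NOTE(review): userdata.tpl runs `aws ssm get-parameter --with-decryption`,
  # which needs instance credentials. No iam_instance_profile is set here, so
  # confirm how the instance is expected to obtain ssm:GetParameter (and
  # kms:Decrypt for the SecureString) permissions.
  user_data = data.template_file.user-init.rendered
}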

$ vim userdata.tpl
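#!/bin/bash
# userdata.tpl: first-boot bootstrap, run by cloud-init as root.
#
# This file is rendered by Terraform's template_file, which interprets
# "${...}" itself; shell expansions below therefore use the braceless
# "$name" form so they survive rendering.
#
# Do not add `set -x` here: the password handled below would end up in
# /var/log/cloud-init-output.log.
set -euo pipefail

# Turn on password logins for sshd. With the security group open to
# 0.0.0.0/0 (accessip in terraform.tfvars) this exposes the account to
# online guessing; prefer a narrow ingress CIDR, or SSM Session Manager
# via the agent installed below.
sed -i '/PasswordAuthentication no/ c\PasswordAuthentication yes' /etc/ssh/sshd_config
systemctl restart sshd

yum install -y https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/linux_amd64/amazon-ssm-agent.rpm

# Fetch the SecureString and fail closed if it comes back empty, rather
# than handing passwd an empty line. The interactive `passwd centos` the
# original ran first has no tty under cloud-init and has been dropped.
# Assumes the aws CLI is present on the image and the instance has an
# IAM role allowed to read "[NAME]" -- TODO confirm both.
pw=$(aws ssm get-parameter --region us-west-2 --name "[NAME]" --with-decryption --query "Parameter.Value" --output text)
[ -n "$pw" ] || { echo "SSM parameter [NAME] is empty or unreadable" >&2; exit 1; }
# NOTE(review): the password is set for "centos" while the sudoers entry
# targets [USERNAME]; if those differ, confirm which account is intended.
printf '%s\n' "$pw" | passwd centos --stdin
unset pw

# Passwordless sudo for the Docker user. This grants full root to anyone
# holding the password set above, so scope it if the workflow allows.
# sudoers.d fragments must be root-owned, mode 0440, and a syntax error
# can lock sudo out, so validate with visudo before installing.
sudoers_tmp=$(mktemp)
printf '%s\n' "[USERNAME] ALL=(ALL) NOPASSWD:ALL" > "$sudoers_tmp"
visudo -cf "$sudoers_tmp"
install -o root -g root -m 0440 "$sudoers_tmp" /etc/sudoers.d/[USERNAME]
rm -f -- "$sudoers_tmp"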
Replace the [NAME] with the parameter name specified in SSM.
Replace the [USERNAME] with the username to run Docker.

$ vim variables.tf
#---compute/variables.tf

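# Inputs of the compute module, supplied by the root module "compute" block.
variable "key_name" {
  description = "Name of an existing EC2 key pair attached to the instance."
  type        = string
}

variable "instance_count" {
  description = "Number of instances to create."
  type        = number
}

variable "instance_type" {
  description = "EC2 instance type."
  type        = string
}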

Note: the SSM security group must allow inbound traffic from the server that Terraform deploys, since its user data calls `aws ssm get-parameter`.

$ terraform init

$ terraform plan

$ terraform apply

$ terraform destroy


References

Passing input into passwd using pipe


Category: orchestration Tags: public
