Update terraform/aws to support terraform version 0.7.x (#172)

* Squashed commits: * includes changes from #86 * Fix nested quotes for terraform 0.7.x * Use template_file as data resource for terraform 0.7.x * Convert etcd_discovery_url to null_resource In Terraform 0.7.x, template file data sources do not support the 'provisioner' parameter. So instead, we must now use a null_resource to get the discovery URL. And, unfortunately, depending on a null_resource does not mean that you can read the file before it exists. * separate out vpc_public_cidrs_list and move it next to dependent list of AZs * aws_instance: fix subnet_id * convert security_groups -> vpc_security_group_ids * tag aws_vpc with org Name * add empty etcd_discovery_url.txt * update Requirements * remove manual step * terraform/aws/private-cloud: changes for terraform-0.7.x, harmonize vs changes to public-cloud
Capgemini · Dec 9, 2016 · 07a4d6b · 07a4d6b
1 parent 4ed771c
commit 07a4d6b
Show file tree

Hide file tree

Showing 14 changed files with 128 additions and 110 deletions.
diff --git a/docs/getting-started-guides/aws/public.md b/docs/getting-started-guides/aws/public.md
@@ -9,7 +9,7 @@ The cluster is provisioned in separate stages as follows:
 
 1. You need an AWS account. Visit [http://aws.amazon.com](http://aws.amazon.com) to get started
 2. You need an AWS [instance profile and role](http://docs.aws.amazon.com/IAM/latest/UserGuide/instance-profiles.html) with EC2 full access.
-3. You need to have installed and configured Terraform (>= 0.6.16 recommended). Visit [https://www.terraform.io/intro/getting-started/install.html](https://www.terraform.io/intro/getting-started/install.html) to get started.
+3. You need to have installed and configured Terraform (>= 0.7.11 required). Visit [https://www.terraform.io/intro/getting-started/install.html](https://www.terraform.io/intro/getting-started/install.html) to get started.
 4. You need to have [Python](https://www.python.org/) >= 2.7.5 installed along with [pip](https://pip.pypa.io/en/latest/installing.html).
 5. Kubectl installed in and your PATH:
 

diff --git a/terraform/aws/elb/main.tf b/terraform/aws/elb/main.tf
@@ -1,7 +1,7 @@
 variable "elb_name" { default = "kube-master" }
 variable "health_check_target" { default = "HTTP:8080/healthz" }
-variable "instances" {}
-variable "subnets" {}
+variable "instances" { type = "list" }
+variable "subnets" { type = "list" }
 variable "security_groups" {}
 
 resource "aws_elb" "kube_master" {

diff --git a/terraform/aws/iam/main.tf b/terraform/aws/iam/main.tf
@@ -2,13 +2,13 @@
 resource "aws_iam_role" "master_role" {
   name               = "master_role"
   path               = "/"
-  assume_role_policy = "${file(\"${path.module}/master-role.json\")}"
+  assume_role_policy = "${file("${path.module}/master-role.json")}"
 }
 
 resource "aws_iam_role_policy" "master_policy" {
   name   = "master_policy"
   role   = "${aws_iam_role.master_role.id}"
-  policy = "${file(\"${path.module}/master-policy.json\")}"
+  policy = "${file("${path.module}/master-policy.json")}"
 }
 
 resource "aws_iam_instance_profile" "master_profile" {
@@ -20,13 +20,13 @@ resource "aws_iam_instance_profile" "master_profile" {
 resource "aws_iam_role" "worker_role" {
   name               = "worker_role"
   path               = "/"
-  assume_role_policy = "${file(\"${path.module}/worker-role.json\")}"
+  assume_role_policy = "${file("${path.module}/worker-role.json")}"
 }
 
 resource "aws_iam_role_policy" "worker_policy" {
   name   = "worker_policy"
   role   = "${aws_iam_role.worker_role.id}"
-  policy = "${file(\"${path.module}/worker-policy.json\")}"
+  policy = "${file("${path.module}/worker-policy.json")}"
 }
 
 resource "aws_iam_instance_profile" "worker_profile" {
@@ -38,13 +38,13 @@ resource "aws_iam_instance_profile" "worker_profile" {
 resource "aws_iam_role" "edge-router_role" {
   name               = "edge-router_role"
   path               = "/"
-  assume_role_policy = "${file(\"${path.module}/edge-router-role.json\")}"
+  assume_role_policy = "${file("${path.module}/edge-router-role.json")}"
 }
 
 resource "aws_iam_role_policy" "edge-router_policy" {
   name   = "edge-router_policy"
   role   = "${aws_iam_role.edge-router_role.id}"
-  policy = "${file(\"${path.module}/edge-router-policy.json\")}"
+  policy = "${file("${path.module}/edge-router-policy.json")}"
 }
 
 resource "aws_iam_instance_profile" "edge-router_profile" {

diff --git a/terraform/aws/private-cloud/bastion-server.tf b/terraform/aws/private-cloud/bastion-server.tf
@@ -11,9 +11,9 @@ module "bastion_ami" {
   virttype = "${module.bastion_amitype.prefer_hvm}"
 }
 
-resource "template_file" "bastion_cloud_init" {
-  template   = "bastion-cloud-config.yml.tpl"
-  depends_on = ["template_file.etcd_discovery_url"]
+data "template_file" "bastion_cloud_init" {
+  template   = "${file("bastion-cloud-config.yml.tpl")}"
+  depends_on = ["null_resource.etcd_discovery_url"]
   vars {
     etcd_discovery_url = "${file(var.etcd_discovery_url_file)}"
     size               = "${var.masters}"
@@ -31,7 +31,7 @@ resource "aws_instance" "bastion" {
   security_groups   = ["${module.sg-default.security_group_id}", "${aws_security_group.bastion.id}"]
   key_name          = "${module.aws-keypair.keypair_name}"
   source_dest_check = false
-  user_data         = "${template_file.bastion_cloud_init.rendered}"
+  user_data         = "${data.template_file.bastion_cloud_init.rendered}"
   tags = {
     Name = "kube-bastion"
     role = "bastion"

diff --git a/terraform/aws/private-cloud/etcd_discovery_url.txt b/terraform/aws/private-cloud/etcd_discovery_url.txt
@@ -1 +0,0 @@
-

diff --git a/terraform/aws/private-cloud/main.tf b/terraform/aws/private-cloud/main.tf
@@ -3,8 +3,19 @@ variable "secret_key" {}
 variable "public_key_file" { default = "~/.ssh/id_rsa_aws.pub" }
 variable "private_key_file" { default = "~/.ssh/id_rsa_aws.pem" }
 variable "region" { default = "eu-west-1" }
-variable "availability_zones" { default = "eu-west-1a,eu-west-1b,eu-west-1c" }
+variable "availability_zones" {
+    type = "list"
+    default = [ "eu-west-1a", "eu-west-1b", "eu-west-1c" ]
+}
 variable "vpc_cidr_block" { default = "10.0.0.0/16" }
+variable "vpc_private_subnets_list" {
+    type = "list"
+    default = [ "10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24" ]
+}
+variable "vpc_public_subnets_list" {
+    type = "list"
+    default = [ "10.0.101.0/24", "10.0.102.0/24", "10.0.103.0/24" ]
+}
 variable "coreos_channel" { default = "stable" }
 variable "etcd_discovery_url_file" { default = "etcd_discovery_url.txt" }
 variable "masters" { default = "3" }
@@ -27,18 +38,18 @@ module "vpc" {
   name                = "default"
 
   cidr                = "${var.vpc_cidr_block}"
-  private_subnets     = "10.0.1.0/24,10.0.2.0/24,10.0.3.0/24"
-  public_subnets      = "10.0.101.0/24,10.0.102.0/24,10.0.103.0/24"
+  private_subnets     = [ "${var.vpc_private_subnets_list}" ]
+  public_subnets      = [ "${var.vpc_public_subnets_list}" ]
   bastion_instance_id = "${aws_instance.bastion.id}"
 
-  azs                 = "${var.availability_zones}"
+  azs                 = [ "${var.availability_zones}" ]
 }
 
 # ssh keypair for instances
 module "aws-keypair" {
   source = "../keypair"
 
-  public_key_filename = "${var.public_key_file}"
+  public_key = "${file("${var.public_key_file}")}"
 }
 
 # security group to allow all traffic in and out of the instances in the VPC
@@ -52,20 +63,18 @@ module "elb" {
   source = "../elb"
 
   security_groups = "${module.sg-default.security_group_id}"
-  instances       = "${join(\",\", aws_instance.worker.*.id)}"
+  instances       = "${join(",", aws_instance.worker.*.id)}"
   subnets         = "${module.vpc.public_subnets}"
 }
 
 # Generate an etcd URL for the cluster
-resource "template_file" "etcd_discovery_url" {
-  template = "/dev/null"
-  provisioner "local-exec" {
-    command = "curl https://discovery.etcd.io/new?size=${var.masters} > ${var.etcd_discovery_url_file}"
-  }
-  # This will regenerate the discovery URL if the cluster size changes, we include the bastion here
-  vars {
-    size = "${var.masters}"
-  }
+resource "null_resource" "etcd_discovery_url" {
+    provisioner "local-exec" {
+        command = "curl -s https://discovery.etcd.io/new?size=${var.masters} > ${var.etcd_discovery_url_file}"
+    }
+
+    # To change the cluster size of an existing live cluster, please read:
+    # https://coreos.com/etcd/docs/latest/etcd-live-cluster-reconfiguration.html
 }
 
 # outputs

diff --git a/terraform/aws/private-cloud/masters.tf b/terraform/aws/private-cloud/masters.tf
@@ -10,17 +10,17 @@ module "master_ami" {
   virttype = "${module.master_amitype.prefer_hvm}"
 }
 
-resource "template_file" "master_cloud_init" {
-  template   = "master-cloud-config.yml.tpl"
-  depends_on = ["template_file.etcd_discovery_url"]
+data "template_file" "master_cloud_init" {
+  template   = "${file("master-cloud-config.yml.tpl")}"
+  depends_on = ["null_resource.etcd_discovery_url"]
   vars {
     etcd_discovery_url = "${file(var.etcd_discovery_url_file)}"
     size               = "${var.masters}"
     region             = "${var.region}"
   }
 }
 
-resource "aws_instance" "mmaster" {
+resource "aws_instance" "master" {
   instance_type     = "${var.master_instance_type}"
   ami               = "${module.master_ami.ami_id}"
   count             = "${var.masters}"
@@ -29,7 +29,7 @@ resource "aws_instance" "mmaster" {
   subnet_id         = "${element(split(",", module.vpc.private_subnets), count.index)}"
   security_groups   = ["${module.sg-default.security_group_id}"]
   depends_on        = ["aws_instance.bastion"]
-  user_data         = "${template_file.master_cloud_init.rendered}"
+  user_data         = "${data.template_file.master_cloud_init.rendered}"
   tags = {
     Name = "kube-master-${count.index}"
     role = "masters"

diff --git a/terraform/aws/private-cloud/vpc/main.tf b/terraform/aws/private-cloud/vpc/main.tf
@@ -1,9 +1,9 @@
 variable "name" { }
 variable "cidr" { }
-variable "public_subnets" { default = "" }
-variable "private_subnets" { default = "" }
+variable "public_subnets" { default = [] }
+variable "private_subnets" { default = [] }
 variable "bastion_instance_id" { }
-variable "azs" { }
+variable "azs" { type="list" }
 variable "enable_dns_hostnames" {
   description = "should be true if you want to use private DNS within the VPC"
   default = false
@@ -51,19 +51,19 @@ resource "aws_route_table" "private" {
 
 resource "aws_subnet" "private" {
   vpc_id            = "${aws_vpc.mod.id}"
-  cidr_block        = "${element(split(",", var.private_subnets), count.index)}"
-  availability_zone = "${element(split(",", var.azs), count.index)}"
-  count             = "${length(compact(split(",", var.private_subnets)))}"
+  cidr_block        = "${element(var.private_subnets, count.index)}"
+  availability_zone = "${element(var.azs, count.index)}"
+  count             = "${length(var.private_subnets)}"
   tags {
     Name = "${var.name}-private"
   }
 }
 
 resource "aws_subnet" "public" {
   vpc_id            = "${aws_vpc.mod.id}"
-  cidr_block        = "${element(split(",", var.public_subnets), count.index)}"
-  availability_zone = "${element(split(",", var.azs), count.index)}"
-  count             = "${length(compact(split(",", var.public_subnets)))}"
+  cidr_block        = "${element(var.public_subnets, count.index)}"
+  availability_zone = "${element(var.azs, count.index)}"
+  count             = "${length(var.public_subnets)}"
   tags {
     Name = "${var.name}-public"
   }
@@ -72,13 +72,13 @@ resource "aws_subnet" "public" {
 }
 
 resource "aws_route_table_association" "private" {
-  count          = "${length(compact(split(",", var.private_subnets)))}"
+  count          = "${length(var.private_subnets)}"
   subnet_id      = "${element(aws_subnet.private.*.id, count.index)}"
   route_table_id = "${aws_route_table.private.id}"
 }
 
 resource "aws_route_table_association" "public" {
-  count          = "${length(compact(split(",", var.public_subnets)))}"
+  count          = "${length(var.public_subnets)}"
   subnet_id      = "${element(aws_subnet.public.*.id, count.index)}"
   route_table_id = "${aws_route_table.public.id}"
 }

diff --git a/terraform/aws/private-cloud/workers.tf b/terraform/aws/private-cloud/workers.tf
@@ -10,9 +10,9 @@ module "worker_ami" {
   virttype = "${module.worker_amitype.prefer_hvm}"
 }
 
-resource "template_file" "worker_cloud_init" {
-  template   = "worker-cloud-config.yml.tpl"
-  depends_on = ["template_file.etcd_discovery_url"]
+data "template_file" "worker_cloud_init" {
+  template   = "${file("worker-cloud-config.yml.tpl")}"
+  depends_on = ["null_resource.etcd_discovery_url"]
   vars {
     etcd_discovery_url = "${file(var.etcd_discovery_url_file)}"
     size               = "${var.masters}"
@@ -33,7 +33,7 @@ resource "aws_instance" "worker" {
   subnet_id         = "${element(split(",", module.vpc.private_subnets), count.index)}"
   security_groups   = ["${module.sg-default.security_group_id}"]
   depends_on        = ["aws_instance.bastion", "aws_instance.master"]
-  user_data         = "${template_file.master_cloud_init.rendered}"
+  user_data         = "${data.template_file.master_cloud_init.rendered}"
   tags = {
     Name = "kube-worker-${count.index}"
     role = "workers"

diff --git a/terraform/aws/public-cloud/edge-routers.tf b/terraform/aws/public-cloud/edge-routers.tf
@@ -10,16 +10,16 @@ module "edge-router_ami" {
   virttype = "${module.edge-router_amitype.prefer_hvm}"
 }
 
-resource "template_file" "edge-router_cloud_init" {
+data "template_file" "edge-router_cloud_init" {
   template   = "${file("worker-cloud-config.yml.tpl")}"
-  depends_on = ["template_file.etcd_discovery_url"]
+  depends_on = ["null_resource.etcd_discovery_url"]
   vars {
     etcd_discovery_url = "${file(var.etcd_discovery_url_file)}"
     size               = "${var.masters}"
     region             = "${var.region}"
-    etcd_ca            = "${replace(module.ca.ca_cert_pem, \"\n\", \"\\n\")}"
-    etcd_cert          = "${replace(module.etcd_cert.etcd_cert_pem, \"\n\", \"\\n\")}"
-    etcd_key           = "${replace(module.etcd_cert.etcd_private_key, \"\n\", \"\\n\")}"
+    etcd_ca            = "${replace(module.ca.ca_cert_pem, "\n", "\\n")}"
+    etcd_cert          = "${replace(module.etcd_cert.etcd_cert_pem, "\n", "\\n")}"
+    etcd_key           = "${replace(module.etcd_cert.etcd_private_key, "\n", "\\n")}"
   }
 }
 
@@ -29,11 +29,11 @@ resource "aws_instance" "edge-router" {
   iam_instance_profile = "${module.iam.edge-router_profile_name}"
   count                = "${var.edge-routers}"
   key_name             = "${module.aws-keypair.keypair_name}"
-  subnet_id            = "${element(split(",", module.public_subnet.subnet_ids), count.index)}"
+  subnet_id            = "${element(module.public_subnet.subnet_ids, count.index)}"
   source_dest_check    = false
-  security_groups      = ["${module.sg-default.security_group_id}"]
+  vpc_security_group_ids = ["${module.sg-default.security_group_id}"]
   depends_on           = ["aws_instance.master"]
-  user_data            = "${template_file.edge-router_cloud_init.rendered}"
+  user_data            = "${data.template_file.edge-router_cloud_init.rendered}"
   tags = {
     Name   = "kube-edge-router-${count.index}"
     role   = "edge-routers"

diff --git a/terraform/aws/public-cloud/etcd_discovery_url.txt b/terraform/aws/public-cloud/etcd_discovery_url.txt
@@ -1 +0,0 @@
-https://discovery.etcd.io/5a6cb41d2a91517447cb738d7e2cf898