From 0af444929328ec9ce051d541c3e9c08c9269eb63 Mon Sep 17 00:00:00 2001 
From: badra001 Date: Tue, 15 Feb 2022 09:09:53 -0500 Subject: [PATCH] update examples --- examples/ec2-add-dns/ec2-dns.tf | 94 +++++++++++++++++++ examples/ec2-add-dns/tf-run.data | 9 ++ examples/ec2-add-dns/variables.ec2-dns.tf | 5 + .../apps/test-instances/.gitignore | 1 + .../apps/test-instances/.terraform-docs.yml | 44 +++++++++ .../apps/test-instances/README.md | 5 + .../apps/test-instances/data.tf | 55 +++++++++++ .../apps/test-instances/ec2-keypair.tf | 50 ++++++++++ .../apps/test-instances/ec2-role.tf | 23 +++++ .../apps/test-instances/ec2.tf | 75 +++++++++++++++ .../apps/test-instances/ec2.tf.example | 79 ++++++++++++++++ .../apps/test-instances/install-ssm.sh | 16 ++++ .../apps/test-instances/locals.tf | 4 + .../apps/test-instances/settings.tf | 19 ++++ .../setup/vpc-test-ec2-keypair.pub | 1 + .../setup/vpc1-test-ec2-keypair.pub | 1 + .../apps/test-instances/show-tunnel-status.sh | 42 +++++++++ .../test-instances/templates/test-ips.txt.tpl | 3 + .../apps/test-instances/test-ips.txt | 3 + .../apps/test-instances/test-ips.txt.tpl | 3 + .../apps/test-instances/test-ping.sh | 30 ++++++ .../apps/test-instances/test-ssh.sh | 34 +++++++ .../apps/test-instances/tf-run.data | 16 ++++ .../apps/test-instances/variables.tf | 18 ++++ examples/full-setup/tf-run.data | 4 +- 25 files changed, 633 insertions(+), 1 deletion(-) create mode 100644 examples/ec2-add-dns/ec2-dns.tf create mode 100644 examples/ec2-add-dns/tf-run.data create mode 100644 examples/ec2-add-dns/variables.ec2-dns.tf create mode 100644 examples/ec2-vpc-region-vpcN-new/apps/test-instances/.gitignore create mode 100644 examples/ec2-vpc-region-vpcN-new/apps/test-instances/.terraform-docs.yml create mode 100644 examples/ec2-vpc-region-vpcN-new/apps/test-instances/README.md create mode 100644 examples/ec2-vpc-region-vpcN-new/apps/test-instances/data.tf create mode 100644 examples/ec2-vpc-region-vpcN-new/apps/test-instances/ec2-keypair.tf create mode 100644 
examples/ec2-vpc-region-vpcN-new/apps/test-instances/ec2-role.tf create mode 100644 examples/ec2-vpc-region-vpcN-new/apps/test-instances/ec2.tf create mode 100644 examples/ec2-vpc-region-vpcN-new/apps/test-instances/ec2.tf.example create mode 100644 examples/ec2-vpc-region-vpcN-new/apps/test-instances/install-ssm.sh create mode 100644 examples/ec2-vpc-region-vpcN-new/apps/test-instances/locals.tf create mode 100644 examples/ec2-vpc-region-vpcN-new/apps/test-instances/settings.tf create mode 100644 examples/ec2-vpc-region-vpcN-new/apps/test-instances/setup/vpc-test-ec2-keypair.pub create mode 100644 examples/ec2-vpc-region-vpcN-new/apps/test-instances/setup/vpc1-test-ec2-keypair.pub create mode 100755 examples/ec2-vpc-region-vpcN-new/apps/test-instances/show-tunnel-status.sh create mode 100644 examples/ec2-vpc-region-vpcN-new/apps/test-instances/templates/test-ips.txt.tpl create mode 100644 examples/ec2-vpc-region-vpcN-new/apps/test-instances/test-ips.txt create mode 100644 examples/ec2-vpc-region-vpcN-new/apps/test-instances/test-ips.txt.tpl create mode 100755 examples/ec2-vpc-region-vpcN-new/apps/test-instances/test-ping.sh create mode 100755 examples/ec2-vpc-region-vpcN-new/apps/test-instances/test-ssh.sh create mode 100644 examples/ec2-vpc-region-vpcN-new/apps/test-instances/tf-run.data create mode 100644 examples/ec2-vpc-region-vpcN-new/apps/test-instances/variables.tf diff --git a/examples/ec2-add-dns/ec2-dns.tf b/examples/ec2-add-dns/ec2-dns.tf new file mode 100644 index 0000000..bb2e0d6 --- /dev/null +++ b/examples/ec2-add-dns/ec2-dns.tf 
@@ -0,0 +1,94 @@ +locals { + ec2_instances_map = { for f in var.ec2_instance_names : f => length(regexall("\\.", f)) > 0 ? f : format("%v.*", f) } + ip_to_name = { for k, v in data.aws_instance.ec2 : v.private_ip => { "name" = split(".", v.tags.Name)[0], "ip_address" = v.private_ip, "instance_id" = v.id } } +} + +data "aws_instances" "ec2" { + filter { + name = "tag:Name" + values = values(local.ec2_instances_map) + } + instance_state_names = ["running", "stopped"] +} + +data "aws_instance" "ec2" { + for_each = toset(data.aws_instances.ec2.ids) + instance_id = each.key +} + +# this takes a list of IPs, and returns results_ipv4[each-ip] {} structure +# each value in the structure should be a single value vs a comma separated list as we are looking up only one +# IP and asking for the A or AAAA record +module "ec2_addresses" { + source = "git@github.e.it.census.gov:terraform-modules/dns-lookup.git" + hosts = keys(local.ip_to_name) + use_cidr_format = true +} + +data "aws_route53_zone" "ec2_forward" { + name = var.vpc_domain_name + private_zone = true +} + +resource "time_static" "create_date" { + for_each = local.ip_to_name +} + +resource "aws_route53_record" "ec2_forward" { + for_each = local.ip_to_name + zone_id = data.aws_route53_zone.ec2_forward.zone_id + + name = format("%v.%v.", each.value.name, var.vpc_domain_name) + type = "A" + ttl = "900" + records = [each.value.ip_address] +} + +resource "aws_route53_record" "ec2_forward_txt" { + for_each = local.ip_to_name + zone_id = data.aws_route53_zone.ec2_forward.zone_id + + name = format("%v.%v.", each.value.name, var.vpc_domain_name) + type = "TXT" + ttl = "900" + # records = [format("instance-id=%v create-date=%v", each.value.instance_id, time_static.create_date[each.key].rfc3339)] + records = [format("heritage=terraform,terraform/account_id=%v,terraform/region=%v,terraform/instance_id=%v,terraform/create_time=%d", + data.aws_caller_identity.current.account_id, local.region, each.value.instance_id, 
time_static.create_date[each.key].unix)] +} + +data "aws_route53_zone" "ec2_reverse" { + for_each = local.ip_to_name + name = module.ec2_addresses.results_ipv4[each.key].network_ptr_sorted + private_zone = true +} + +resource "aws_route53_record" "ec2_reverse" { + for_each = local.ip_to_name + zone_id = data.aws_route53_zone.ec2_reverse[each.key].zone_id + + name = format("%v.", module.ec2_addresses.results_ipv4[each.key].ptr_sorted) + type = "PTR" + ttl = "900" + records = [format("%v.%v.", each.value.name, var.vpc_domain_name)] +} + +resource "aws_route53_record" "ec2_reverse_txt" { + for_each = local.ip_to_name + zone_id = data.aws_route53_zone.ec2_reverse[each.key].zone_id + + name = format("%v.", module.ec2_addresses.results_ipv4[each.key].ptr_sorted) + type = "TXT" + ttl = "900" + # records = [format("instance-id=%v create-date=%v", each.value.instance_id, time_static.create_date[each.key].rfc3339)] + records = [format("heritage=terraform,terraform/account_id=%v,terraform/region=%v,terraform/instance_id=%v,terraform/create_time=%d", + data.aws_caller_identity.current.account_id, local.region, each.value.instance_id, time_static.create_date[each.key].unix)] +} + +## results_ipv4 = { +## "{host}" = { +## "ip_addresses_sorted" = "{host-ip} +## "ip_addresses_version" = "{host-ip-version}" +## "network_ptr_sorted" = "{host-ptr-format-for-network}" +## "ptr_sorted" = "{host-ptr-format}" +## } +## } diff --git a/examples/ec2-add-dns/tf-run.data b/examples/ec2-add-dns/tf-run.data new file mode 100644 index 0000000..5ce7b22 --- /dev/null +++ b/examples/ec2-add-dns/tf-run.data @@ -0,0 +1,9 @@ +VERSION 1.0.1 +REMOTE-STATE +COMMAND tf-directory-setup.py -l none -f +COMMAND setup-new-directory.sh +COMMAND tf-init -upgrade +COMMAND ln -sf ../variables.vpc.tf . +COMMAND ln -sf ../variables.vpc.auto.tfvars . +ALL +COMMAND tf-directory-setup.py -l s3 
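Review bot: The `data "aws_instances" "ec2"` lookup near the top of the hunk matches on `tag:Name` alone (with `format("%v.*", f)` turning a short name into a wildcard), so it is not restricted to the VPC even though `variables.ec2-dns.tf` describes the input as names "in this particular VPC". An instance elsewhere in the same account and region whose Name begins with the same short name would get forward and PTR records created in this private zone pointing at a foreign private IP, and because `split(".", v.tags.Name)[0]` is used as the record name, two such instances would collide on the same A record and the apply would most likely fail. Add a second `filter` block to the `aws_instances` lookup (`name = "vpc-id"`, `values = [<VPC_ID_FROM_SHARED_VARIABLES>]`) using whatever the symlinked `variables.vpc.tf` exposes, or at least match on the full FQDN `format("%v.%v", f, var.vpc_domain_name)` instead of `%v.*`. `data.aws_caller_identity.current` and `local.region` are not defined in this commit, so I assume they come from the shared files linked in by `tf-run.data`.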
diff --git a/examples/ec2-add-dns/variables.ec2-dns.tf b/examples/ec2-add-dns/variables.ec2-dns.tf new file mode 100644 index 0000000..f7cb1c6 --- /dev/null +++ b/examples/ec2-add-dns/variables.ec2-dns.tf @@ -0,0 +1,5 @@ +variable "ec2_instance_names" { + description = "Short name or FQDN from the Name tag for the instance, in this particular VPC" + type = list(string) + default = [] +} diff --git a/examples/ec2-vpc-region-vpcN-new/apps/test-instances/.gitignore b/examples/ec2-vpc-region-vpcN-new/apps/test-instances/.gitignore new file mode 100644 index 0000000..bcc7663 --- /dev/null +++ b/examples/ec2-vpc-region-vpcN-new/apps/test-instances/.gitignore @@ -0,0 +1 @@ +setup/*-keypair diff --git a/examples/ec2-vpc-region-vpcN-new/apps/test-instances/.terraform-docs.yml b/examples/ec2-vpc-region-vpcN-new/apps/test-instances/.terraform-docs.yml new file mode 100644 index 0000000..8391b9d --- /dev/null +++ b/examples/ec2-vpc-region-vpcN-new/apps/test-instances/.terraform-docs.yml @@ -0,0 +1,44 @@ +formatter: markdown table + +header-from: main.tf +footer-from: "" + +sections: +## hide: [] + show: + - data-sources + - header + - footer + - inputs + - modules + - outputs + - providers + - requirements + - resources + +output: + file: README.md + mode: inject + template: |- + + {{ .Content }} + + +## output-values: +## enabled: false +## from: "" +## +## sort: +## enabled: true +## by: name +## +## settings: +## anchor: true +## color: true +## default: true +## description: false +## escape: true +## indent: 2 +## required: true +## sensitive: true +## type: true diff --git a/examples/ec2-vpc-region-vpcN-new/apps/test-instances/README.md b/examples/ec2-vpc-region-vpcN-new/apps/test-instances/README.md new file mode 100644 index 0000000..43aac2c --- /dev/null +++ b/examples/ec2-vpc-region-vpcN-new/apps/test-instances/README.md @@ -0,0 +1,5 @@ + +enable_bootstrap = true +enable_instances = true +instance_count = "" + \ No newline at end of file 
diff --git a/examples/ec2-vpc-region-vpcN-new/apps/test-instances/data.tf b/examples/ec2-vpc-region-vpcN-new/apps/test-instances/data.tf new file mode 100644 index 0000000..d804ded --- /dev/null +++ b/examples/ec2-vpc-region-vpcN-new/apps/test-instances/data.tf @@ -0,0 +1,55 @@ +data "aws_ami" "test_x86" { + most_recent = true + owners = ["self", "amazon", "aws-marketplace"] + + filter { + name = "description" + values = ["Amazon Linux 2*"] + } + filter { + name = "root-device-type" + values = ["ebs"] + } + filter { + name = "virtualization-type" + values = ["hvm"] + } + filter { + name = "architecture" + values = ["x86_64"] + } +} + +data "aws_ami" "test_arm" { + most_recent = true + owners = ["self", "amazon", "aws-marketplace"] + + filter { + name = "description" + values = ["Amazon Linux 2*"] + } + filter { + name = "root-device-type" + values = ["ebs"] + } + filter { + name = "virtualization-type" + values = ["hvm"] + } + filter { + name = "architecture" + values = ["arm64"] + } +} + +data "aws_security_groups" "test" { + filter { + name = "vpc-id" + values = [local.vpc_id] + } + filter { + name = "group-name" + values = ["*linux*"] + } +} + diff --git a/examples/ec2-vpc-region-vpcN-new/apps/test-instances/ec2-keypair.tf b/examples/ec2-vpc-region-vpcN-new/apps/test-instances/ec2-keypair.tf new file mode 100644 index 0000000..1bf1bf2 --- /dev/null +++ b/examples/ec2-vpc-region-vpcN-new/apps/test-instances/ec2-keypair.tf 
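Review bot: Both `aws_ami` lookups select with `most_recent = true` on a free-text `description` filter of `"Amazon Linux 2*"` while `owners` includes `"aws-marketplace"` and `"self"`, so any marketplace or account-local AMI whose description starts with that text and has a newer creation date is chosen over the Amazon-published image. Restrict to `owners = ["amazon"]` and filter on the image name (`values = ["amzn2-ami-hvm-*-x86_64-gp2"]` and `["amzn2-ami-hvm-*-arm64-gp2"]` respectively) rather than the description, or read the AMI id from the public SSM parameter. The `aws_security_groups` lookup has the same shape: `group-name = "*linux*"` attaches every group in the VPC with "linux" in its name to the test instances, so name the intended group(s) exactly or filter on a tag the VPC module sets.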
@@ -0,0 +1,50 @@ +#--- +# ec2 keypairs +#--- +locals { + keypair_name = format("%v-test-ec2-keypair", local.vpc_short_name) +} + +# two-step process to create +# terraform apply -target=null_resource.generate_keypair +# terraform apply +# when done, add to git +# cd setup +# echo *-keypair >> .gitignore +# git-secret add *-ec2-keypair +# git-secret hide +# git add *-ec2-keypair.{pub,secret} +# git commit -m'add ec2-keypair: *-ec2-keypair' *-ec2-keypair.{pub,secret} .gitignore + +resource "null_resource" "generate_keypair" { + triggers = { + keypair_name = local.keypair_name + } + + count = var.enable_instances ? 1 : 0 + provisioner "local-exec" { + command = "test -d setup || mkdir setup" + } + provisioner "local-exec" { + working_dir = "./setup" + # command = "ssh-keygen -f ${local.keypair_name} -N '' -t dsa -b 1024 -C '${local.keypair_name}@${var.vpc_domain_name}'" + command = "ssh-keygen -f ${local.keypair_name} -N '' -t rsa -b 2048 -C '${local.keypair_name}@${var.vpc_domain_name}'" + } + # provisioner "local-exec" { + # when = destroy + # working_dir = "./setup" + # command = format("rm %v %v.pub",self.triggers.keypair_name,self.triggers.keypair_name) + # } +} + +resource "aws_key_pair" "keypair" { + count = var.enable_instances ? 1 : 0 + key_name = local.keypair_name + public_key = file("setup/${local.keypair_name}.pub") + depends_on = [null_resource.generate_keypair] +} + +output "keypair" { + description = "EC2 keypair for test instances" + value = var.enable_instances ? aws_key_pair.keypair[0].key_name : "" +} diff --git a/examples/ec2-vpc-region-vpcN-new/apps/test-instances/ec2-role.tf b/examples/ec2-vpc-region-vpcN-new/apps/test-instances/ec2-role.tf new file mode 100644 index 0000000..eb576a6 --- /dev/null +++ b/examples/ec2-vpc-region-vpcN-new/apps/test-instances/ec2-role.tf 
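Review bot: The `ssh-keygen` local-exec writes an unencrypted (`-N ''`) RSA-2048 private key into `setup/` and, because nothing guards the command, a re-run where the file already exists stops at ssh-keygen's overwrite prompt instead of completing. Prefer `-t ed25519` (or at least `-b 4096`) and make the step idempotent, e.g. `command = "test -f ${local.keypair_name} || ssh-keygen -f ${local.keypair_name} -N '' -t ed25519 -C '${local.keypair_name}@${var.vpc_domain_name}'"`. The commented `-t dsa -b 1024` line and the commented destroy provisioner should be deleted rather than left as dead configuration. The `.gitignore` entry `setup/*-keypair` added in this commit is what keeps the private key out of git; the comment block above the resource could state that explicitly since the git-secret steps it lists depend on it.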
@@ -0,0 +1,23 @@ +locals { + ssm_policies = [ + "AmazonSSMManagedInstanceCore", + "AmazonEC2RoleforSSM", + ] +} + +data "aws_iam_policy" "ssm_policies" { + for_each = toset(local.ssm_policies) + name = each.key +} + +module "role" { + source = "git@github.e.it.census.gov:terraform-modules/aws-iam-role.git" + + role_name = local.ec2_role_name + create = var.enable_instances + # attached_policies = [data.terraform_remote_state.common.outputs.managed_policies["ReadOnlyAccess"]] + attached_policies = [for k, v in data.aws_iam_policy.ssm_policies : v.arn] + enable_instance_profile = true + assume_policy_document = data.terraform_remote_state.common.outputs.custom_policy_documents["ec2_assume"].policy +} + diff --git a/examples/ec2-vpc-region-vpcN-new/apps/test-instances/ec2.tf b/examples/ec2-vpc-region-vpcN-new/apps/test-instances/ec2.tf new file mode 100644 index 0000000..9dc3c67 --- /dev/null +++ b/examples/ec2-vpc-region-vpcN-new/apps/test-instances/ec2.tf 
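Review bot: `local.ssm_policies` attaches `AmazonEC2RoleforSSM` alongside `AmazonSSMManagedInstanceCore`; the former is the legacy policy AWS has deprecated in favour of the latter, and it grants broad S3 object permissions on all buckets (plus other actions) that these test instances do not appear to need. Reducing it to `ssm_policies = ["AmazonSSMManagedInstanceCore"]` keeps Session Manager working with least privilege; if session logging to a bucket is wanted, add a policy scoped to that bucket instead. The commented `attached_policies` line referencing `ReadOnlyAccess` should be removed rather than left in.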
@@ -0,0 +1,75 @@ +# https://cloudanddevopstech.com/2020/11/01/terraform-aws-ec2-with-ssm-agent-installed/ + +locals { + bootstrap_commands = [ + # "sudo bash /tmp/bootstrap.sh /tmp/${var.git_deploy_path} ${local.bootstrap_args} |& tee /tmp/bootstrap.log", + "sleep 60", + "sudo yum install -y iperf3 bind-utils curl nc awscli", + # set region in default profile + "aws configure --profile default set region ${local.region}", + "aws configure --profile default set output json", + "sudo aws configure --profile default set region ${local.region}", + "sudo aws configure --profile default set output json", + ] +} + +resource "aws_instance" "test" { + # for_each = var.enable_instances ? local.private_subnets_id_map : {} + for_each = var.enable_instances ? { for k in local.private_subnets_id_list : k => local.private_subnets_id_map[k] } : {} + + ami = local.ami + instance_type = local.my_instance_type + availability_zone = each.value.availability_zone + key_name = local.key_name + subnet_id = each.value.id + vpc_security_group_ids = local.security_groups + iam_instance_profile = module.role.instance_profile_name + + root_block_device { + encrypted = true + volume_type = "gp2" + volume_size = local.root_volume_size > 0 ? local.root_volume_size : 30 + delete_on_termination = true + } + + provisioner "remote-exec" { + inline = var.enable_bootstrap ? local.bootstrap_commands : [] + on_failure = continue + + connection { + type = "ssh" + user = "ec2-user" + host = self.private_ip + agent = false + private_key = file("${path.root}/setup/${local.key_name}") + timeout = var.enable_bootstrap && length(local.bootstrap_commands) > 0 ? 
"5m" : "5s" + } + } + + user_data = file("${path.root}/install-ssm.sh") + + volume_tags = merge( + local.common_tags, + tomap({ "Name" = format("v-ebs-%v-test-%v:%v", local.vpc_short_name, each.value.label, "/") }), + ) + + tags = merge( + local.common_tags, + tomap({ "Name" = format("%v-test-%v.%v", local.vpc_short_name, each.value.label, var.vpc_domain_name) }), + ) +} + +output "test_instances" { + description = "Details about test instances" + value = { for k, v in aws_instance.test : k => { + name = k + id = v.id + ip_address = v.private_ip + subnet_id = v.subnet_id + } } +} + +resource "local_file" "test_addresses" { + content = templatefile("${path.root}/templates/test-ips.txt.tpl", { instances = aws_instance.test }) + filename = "${path.root}/test-ips.txt" +} diff --git a/examples/ec2-vpc-region-vpcN-new/apps/test-instances/ec2.tf.example b/examples/ec2-vpc-region-vpcN-new/apps/test-instances/ec2.tf.example new file mode 100644 index 0000000..efff5ab --- /dev/null +++ b/examples/ec2-vpc-region-vpcN-new/apps/test-instances/ec2.tf.example 
@@ -0,0 +1,79 @@ +locals { + bootstrap_commands = [ + # "sudo bash /tmp/bootstrap.sh /tmp/${var.git_deploy_path} ${local.bootstrap_args} |& tee /tmp/bootstrap.log", + "sleep 60", + "sudo yum install -y iperf3 bind-utils curl nc awscli", + # set region in default profile + "aws configure --profile default set region ${local.region}", + "aws configure --profile default set output json", + "sudo aws configure --profile default set region ${local.region}", + "sudo aws configure --profile default set output json", + ] +} + +resource "aws_instance" "test" { + for_each = var.enable_instances ? local.private_subnets_id_map : {} + + ami = local.ami + instance_type = local.my_instance_type + availability_zone = each.value.availability_zone + key_name = local.key_name + subnet_id = each.value.id + vpc_security_group_ids = local.security_groups + iam_instance_profile = module.role.instance_profile_name + + root_block_device { + encrypted = true + volume_type = "gp2" + volume_size = local.root_volume_size > 0 ? 
local.root_volume_size : 30 + delete_on_termination = true + } + + volume_tags = merge( + local.common_tags, + tomap({ "Name" = format("v-ebs-%v-test-%v:%v", local.vpc_short_name, each.value.label, "/") }), + ) + + provisioner "remote-exec" { + inline = [ + # "sudo bash /tmp/bootstrap.sh /tmp/${var.git_deploy_path} ${local.bootstrap_args} |& tee /tmp/bootstrap.log", + "sleep 60", + "sudo yum install -y iperf3 bind-utils curl nc awscli", + # set region in default profile + "aws configure --profile default set region ${local.region}", + "aws configure --profile default set output json", + "sudo aws configure --profile default set region ${local.region}", + "sudo aws configure --profile default set output json", + ] + # on_failure = continue + on_failure = fail + + connection { + type = "ssh" + user = "ec2-user" + host = self.private_ip + agent = false + private_key = file("${path.root}/setup/${local.key_name}") + } + } + + tags = merge( + local.common_tags, + tomap({ "Name" = format("%v-test-%v.%v", local.vpc_short_name, each.value.label, var.vpc_domain_name) }), + ) +} + +output "test_instances" { + description = "Details about test instances" + value = { for k, v in aws_instance.test : k => { + name = k + id = v.id + ip_address = v.private_ip + subnet_id = v.subnet_id + } } +} + +resource "local_file" "test_addresses" { + content = templatefile("${path.root}/templates/test-ips.txt.tpl", { instances = aws_instance.test }) + filename = "${path.root}/test-ips.txt" +} diff --git a/examples/ec2-vpc-region-vpcN-new/apps/test-instances/install-ssm.sh b/examples/ec2-vpc-region-vpcN-new/apps/test-instances/install-ssm.sh new file mode 100644 index 0000000..1519e98 --- /dev/null +++ b/examples/ec2-vpc-region-vpcN-new/apps/test-instances/install-ssm.sh 
@@ -0,0 +1,16 @@ +#!/bin/bash -x + +# passwd -d root +sudo yum install -y iperf iperf3 bind-utils curl nc awscli jq fping nmap + +REGION=$(curl --silent http://169.254.169.254/latest/dynamic/instance-identity/document | jq -r .region) +aws configure --profile default set region $REGION +aws configure --profile default set output json +sudo aws configure --profile default set region $REGION +sudo aws configure --profile default set output json + +sudo yum install -y https://s3.$REGION.amazonaws.com/amazon-ssm-$REGION/latest/linux_amd64/amazon-ssm-agent.rpm + +sudo systemctl enable amazon-ssm-agent +sudo systemctl start amazon-ssm-agent +sudo systemctl status amazon-ssm-agent diff --git a/examples/ec2-vpc-region-vpcN-new/apps/test-instances/locals.tf b/examples/ec2-vpc-region-vpcN-new/apps/test-instances/locals.tf new file mode 100644 index 0000000..b7b1696 --- /dev/null +++ b/examples/ec2-vpc-region-vpcN-new/apps/test-instances/locals.tf @@ -0,0 +1,4 @@ +locals { + region = var.region +} + diff --git a/examples/ec2-vpc-region-vpcN-new/apps/test-instances/settings.tf b/examples/ec2-vpc-region-vpcN-new/apps/test-instances/settings.tf new file mode 100644 index 0000000..d843606 --- /dev/null +++ b/examples/ec2-vpc-region-vpcN-new/apps/test-instances/settings.tf 
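Review bot: `REGION=$(curl --silent http://169.254.169.254/latest/dynamic/instance-identity/document | jq -r .region)` is an IMDSv1 call: it returns nothing once the instance is launched with `http_tokens = "required"`, and even today a failed curl leaves `REGION` empty so the later `yum install https://s3.$REGION.amazonaws.com/...` URL is malformed and the agent is never installed, with no error surfaced. Fetch a token first, `TOKEN=$(curl -sS -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 300")`, then `REGION=$(curl -sS -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/dynamic/instance-identity/document | jq -r .region)`, and guard with `[ -n "$REGION" ] || exit 1` before `REGION` is used. Quoting `"$REGION"` in the `aws configure` and `yum` lines would also make the failure mode visible rather than silent.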
@@ -0,0 +1,19 @@ +locals { + vpc_outputs = data.terraform_remote_state.vpc_east_vpc1.outputs + vpc_short_name = local.vpc_outputs.vpc_info["vpc_short_name"] + + private_subnets_ids = local.vpc_outputs.private_subnets_ids + private_subnets_id_map = { for v in local.vpc_outputs.private_subnets_ids : v.label => v if length(regexall("endpoints|attachment", v.label)) == 0 } + instance_count = var.instance_count == "" || var.instance_count == null ? length(local.private_subnets_id_map) : var.instance_count + private_subnets_id_list = slice(keys(local.private_subnets_id_map), 0, min(local.instance_count, length(local.private_subnets_id_map))) + vpc_id = local.vpc_outputs.vpc_id + security_groups = tolist(data.aws_security_groups.test.ids) + + ami = data.aws_ami.test_x86.id + instance_type = "t3.small" + # my_instance_type = "t3.medium" + key_name = local.keypair_name + root_volume_size = 50 + # ec2_role_name = format("%v-test-ec2-role", "vpc") + ec2_role_name = format("%v-test-ec2-role-%v", local.vpc_short_name, local.region) +} diff --git a/examples/ec2-vpc-region-vpcN-new/apps/test-instances/setup/vpc-test-ec2-keypair.pub b/examples/ec2-vpc-region-vpcN-new/apps/test-instances/setup/vpc-test-ec2-keypair.pub new file mode 100644 index 0000000..e70bd03 --- /dev/null +++ b/examples/ec2-vpc-region-vpcN-new/apps/test-instances/setup/vpc-test-ec2-keypair.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6UpFuXzZ8kLvXYo+I1pU1DNAiDc6HP15PoMA/IWcgpadvRi+Og15/WUMlAvRZ9nymOIB/oKpZz2B7wpkhQ1PRuiDUlJ0axy7mtWnRuUIuMkZzlCCrZ26HHMWOjTXMaDV8eKd06RLr+OBlfArlDmNEUNAL237jKTU7eHfiF/DU7y9MN6bHRGMPZRrAbzmUbmlV+sDwhLrH1mXLooMeYWzc0t8ReMb2IQyTEtkrlYUdf5D+o2qwRqp8iZp710qaLols02uvTdeBuVlqY0BPjobYwJciuq8XLs1MmQYdpVHHQTOAOlsc5P0nYicEuAh/VJi4Ix8IPS/aJe/9uOS3DWVkQ== vpc-test-ec2-keypair@SOME-DOMAIN 
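Review bot: `instance_count = var.instance_count == "" || var.instance_count == null ? ...` compares a variable that `variables.tf` declares as `type = number` against the string `""`, and the new `README.md` tells users to set `instance_count = ""`; Terraform cannot convert `""` to a number, so that documented value is rejected at plan time and the `== ""` branch can never be true. Keep the `null` default as the "all subnets" signal, simplify to `instance_count = var.instance_count == null ? length(local.private_subnets_id_map) : var.instance_count`, and correct the README line. `data.terraform_remote_state.vpc_east_vpc1` is a hard-coded name inside an example directory called `vpcN-new` and is not defined in this commit — presumably `setup-new-directory.sh` generates it, but a comment saying so would help whoever copies the example.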
diff --git a/examples/ec2-vpc-region-vpcN-new/apps/test-instances/setup/vpc1-test-ec2-keypair.pub b/examples/ec2-vpc-region-vpcN-new/apps/test-instances/setup/vpc1-test-ec2-keypair.pub new file mode 100644 index 0000000..fcbb78a --- /dev/null +++ b/examples/ec2-vpc-region-vpcN-new/apps/test-instances/setup/vpc1-test-ec2-keypair.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAsj2lokVWyrpkzM0ObJs03wv6pGmnxVnKRoDxWWbii23BKBRk4jJNOOgpf3cRfrJ+57KiVKrx1QpwBJa7Rk3rzJxrfsV5N+LgmrPaDTGMAr+DSPTrn7fir6TWrRxZbjteJQA7bLL58OrkdRjJhHiLDVlFsPGx24eVSdF+Ec0VRANpPVNaUtyayvN41m3kDI0rPKDYxN8Da3CILdXHyLYzKeRhRTlnVYF3pv3me81p0v6KneFasp89GQMFuq6z/TIe7T7E+JU0FDhcw5m3wq49m5Vw7/cWtq/wuGcSi5w4g6MBEYJr0RZ1EkSZDMrMgJrYYL78FNBTZXzjYUGtjAhs3Q== vpc1-test-ec2-keypair@tgw-test-domain diff --git a/examples/ec2-vpc-region-vpcN-new/apps/test-instances/show-tunnel-status.sh b/examples/ec2-vpc-region-vpcN-new/apps/test-instances/show-tunnel-status.sh new file mode 100755 index 0000000..f67e02d --- /dev/null +++ b/examples/ec2-vpc-region-vpcN-new/apps/test-instances/show-tunnel-status.sh 
@@ -0,0 +1,42 @@ +#!/bin/bash + +PROFILE=$1 +if [ -z $PROFILE ] +then + echo "* missing profile" + exit 1 +fi + +REGION=$2 +if [ -z $REGION ] +then + echo "* missing region" + exit 1 +fi + +VPC=$3 +if [ -z "$VPC" ] +then + VPC="*vpc3*" +fi + +echo "* using profile $PROFILE region $REGION for VPC filter $VPC" + +if [ -z "$FULL" ] +then + echo "## VPN" + aws --profile $PROFILE --region $REGION ec2 describe-vpn-connections --filters Name=tag:Name,Values="$VPC" --output text|grep -iE "VGW|TAG.*Name|customer.*cgw-" + echo "## Routes" + aws --profile $PROFILE --region $REGION ec2 describe-route-tables --filters Name=tag:Name,Values="${VPC}private*" --output text|grep -iE "^TAGS.*Name|vgw" +elif [ "$FULL" == "json" ] +then + echo "## VPN.json" + aws --profile $PROFILE --region $REGION ec2 describe-vpn-connections --filters Name=tag:Name,Values="$VPC" --output json + echo "## Routes.json" + aws --profile $PROFILE --region $REGION ec2 describe-route-tables --filters Name=tag:Name,Values="${VPC}private*" --output json +else + echo "## VPN.full" + aws --profile $PROFILE --region $REGION ec2 describe-vpn-connections --filters Name=tag:Name,Values="$VPC" --output text + echo "## Routes.full" + aws --profile $PROFILE --region $REGION ec2 describe-route-tables --filters Name=tag:Name,Values="${VPC}private*" --output text +fi diff --git a/examples/ec2-vpc-region-vpcN-new/apps/test-instances/templates/test-ips.txt.tpl b/examples/ec2-vpc-region-vpcN-new/apps/test-instances/templates/test-ips.txt.tpl new file mode 100644 index 0000000..5ca5edb --- /dev/null +++ b/examples/ec2-vpc-region-vpcN-new/apps/test-instances/templates/test-ips.txt.tpl @@ -0,0 +1,3 @@ +%{ for k,v in instances ~} +${v.private_ip} +%{ endfor ~} diff --git a/examples/ec2-vpc-region-vpcN-new/apps/test-instances/test-ips.txt b/examples/ec2-vpc-region-vpcN-new/apps/test-instances/test-ips.txt new file mode 100644 index 0000000..fb29b3d --- /dev/null 
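Review bot: The argument checks `if [ -z $PROFILE ]` and `if [ -z $REGION ]` leave the variable unquoted, so they only work because an empty expansion collapses to `[ -z ]`; a value with whitespace or a glob character breaks both the test and the later unquoted `--profile $PROFILE --region $REGION` uses. Quote them (`if [ -z "$PROFILE" ]`, `--profile "$PROFILE" --region "$REGION"`) and add `set -euo pipefail` after the shebang so a failed `aws` call does not print an empty "## Routes" section as if it had succeeded. The default `VPC="*vpc3*"` looks copied from one specific environment and deserves a comment in a generic `vpcN` example.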
+++ b/examples/ec2-vpc-region-vpcN-new/apps/test-instances/test-ips.txt @@ -0,0 +1,3 @@ +10.128.17.32 +10.128.17.119 +10.128.17.154 diff --git a/examples/ec2-vpc-region-vpcN-new/apps/test-instances/test-ips.txt.tpl b/examples/ec2-vpc-region-vpcN-new/apps/test-instances/test-ips.txt.tpl new file mode 100644 index 0000000..5ca5edb --- /dev/null +++ b/examples/ec2-vpc-region-vpcN-new/apps/test-instances/test-ips.txt.tpl @@ -0,0 +1,3 @@ +%{ for k,v in instances ~} +${v.private_ip} +%{ endfor ~} diff --git a/examples/ec2-vpc-region-vpcN-new/apps/test-instances/test-ping.sh b/examples/ec2-vpc-region-vpcN-new/apps/test-instances/test-ping.sh new file mode 100755 index 0000000..53b8273 --- /dev/null +++ b/examples/ec2-vpc-region-vpcN-new/apps/test-instances/test-ping.sh @@ -0,0 +1,30 @@ +#!/bin/bash + +DURATION=$1 +if [ -z $DURATION ] +then + DURATION=15 +fi +COUNT=$(( $DURATION * 60 )) +if [ $COUNT == 0 ] +then + COUNT=60 +fi + +STAMP=$(date "+%Y%m%d.%s") +start=$(date +%s) + +echo "* running ping with count=$COUNT at $(date) start=$start" + +TIMEOUT=$(( $COUNT * 2 )) + +for f in $(cat test-ips.txt) +do + echo " * host $f" + ping -c $COUNT -w $TIMEOUT $f > ping.$f.$STAMP.log 2>&1 & +done + +end=$(date +%s) +elapsed=$(( $end - $start )) + +echo "* done running ping with count=$COUNT at $(date) start=$start end=$end elapsed=$elapsed" diff --git a/examples/ec2-vpc-region-vpcN-new/apps/test-instances/test-ssh.sh b/examples/ec2-vpc-region-vpcN-new/apps/test-instances/test-ssh.sh new file mode 100755 index 0000000..a8a85e8 --- /dev/null +++ b/examples/ec2-vpc-region-vpcN-new/apps/test-instances/test-ssh.sh 
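Review bot: The `ping ... &` loop in `test-ping.sh` backgrounds every ping and then immediately computes `end=$(date +%s)`, so `elapsed` in the final echo reports the time taken to launch the jobs, not the run, and the script exits while the pings are still writing their logs. Add `wait` after the `done` line, before `end=$(date +%s)`, so the summary is accurate and the logs are complete when the script returns. `if [ $COUNT == 0 ]` should be `if [ "$COUNT" -eq 0 ]` for a numeric comparison, and the `$DURATION` argument goes straight into `$(( ... ))` with no check that it is an integer.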
@@ -0,0 +1,34 @@ +#!/bin/bash + +DURATION=$1 +if [ -z $DURATION ] +then + DURATION=5 +fi + +STAMP=$(date "+%Y%m%d.%s") +start=$(date +%s) + +TIMEOUT=$DURATION + +KEYPAIR=$(ls setup/*-keypair) +echo "* running ssh timeout=$TIMEOUT with keypair=$KEYPAIR at $(date) start=$start" + +count=1 +ecount=0 +for f in $(cat test-ips.txt) +do + echo " * $count host $f" + SSH_AUTH_SOCK="" timeout $TIMEOUT ssh $SSH_OPTIONS -o StrictHostKeyChecking=false -o IdentityFile=$KEYPAIR ec2-user@$f "hostname -f; date +%s" + status=$? + if [ $status != 0 ] + then + ecount=$(( $ecount + 1 )) + fi + count=$(( $count + 1 )) +done + +end=$(date +%s) +elapsed=$(( $end - $start )) + +echo "* done running ssh at $(date) count=$count error_count=$ecount start=$start end=$end elapsed=$elapsed" diff --git a/examples/ec2-vpc-region-vpcN-new/apps/test-instances/tf-run.data b/examples/ec2-vpc-region-vpcN-new/apps/test-instances/tf-run.data new file mode 100644 index 0000000..1b8506b --- /dev/null +++ b/examples/ec2-vpc-region-vpcN-new/apps/test-instances/tf-run.data @@ -0,0 +1,16 @@ +VERSION 1.1.2 +REMOTE-STATE +COMMAND tf-directory-setup.py -l none -f +COMMAND setup-new-directory.sh +COMMAND tf-init -upgrade +null_resource.generate_keypair +COMMAND ln -sf ../variables.vpc.auto.tfvars . +COMMAND ln -sf ../variables.vpc.tf . +ALL +COMMAND tf-directory-setup.py -l s3 + +COMMENT echo *-keypair >> .gitignore +COMMENT git-secret add *-ec2-keypair +COMMENT git-secret hide +COMMENT git add *-ec2-keypair.{pub,secret} +COMMENT git commit -m'add ec2-keypair: *-ec2-keypair' *-ec2-keypair.{pub,secret} .gitignore diff --git a/examples/ec2-vpc-region-vpcN-new/apps/test-instances/variables.tf b/examples/ec2-vpc-region-vpcN-new/apps/test-instances/variables.tf new file mode 100644 index 0000000..a2c9cda --- /dev/null +++ b/examples/ec2-vpc-region-vpcN-new/apps/test-instances/variables.tf 
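Review bot: The ssh call uses `-o StrictHostKeyChecking=false` (treated as `no`), which accepts unknown host keys and also continues when a known host's key has changed, so a run cannot distinguish a re-created instance from an interposed host. Use `-o StrictHostKeyChecking=accept-new` together with a per-environment `-o UserKnownHostsFile=<KNOWN_HOSTS_PATH>` so the first run pins the keys and later runs fail loudly on a mismatch. `KEYPAIR=$(ls setup/*-keypair)` becomes a multi-word value as soon as a second private key exists in `setup/` (this commit already ships two `.pub` files there), which breaks `IdentityFile=$KEYPAIR`. `count` starts at 1 and is incremented after each host, so the final `count=$count` is one more than the number of hosts tested.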
@@ -0,0 +1,18 @@ +variable "enable_instances" { + description = "Flag to enable or disable creation of EC2 key and instances" + type = bool + default = true +} + +variable "enable_bootstrap" { + description = "Flag to enable or disable bootstrap (yum and awscli setup)" + type = bool + default = true +} + +variable "instance_count" { + description = "Number to indicate how many instances (up to subnet-count x az-count)" + type = number + default = null +} + diff --git a/examples/full-setup/tf-run.data b/examples/full-setup/tf-run.data index cbefe1f..5edbacb 100644 --- a/examples/full-setup/tf-run.data +++ b/examples/full-setup/tf-run.data @@ -1,3 +1,4 @@ +VERSION 1.1.1 REMOTE-STATE COMMAND tf-directory-setup.py -l none -f COMMAND setup-new-directory.sh @@ -14,6 +15,7 @@ module.flowlogs module.base-security-groups module.sg_web module.nacls module.nacls_enterprise module.nacls_endpoints module.nacls_public_vpc module.nacls_public_nat -STOP make sure peer configurations are setup properly +# STOP make sure peer configurations are setup properly module.peer_services_main_west module.peer_services_main_east ALL +ALL
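Review bot: In `examples/full-setup/tf-run.data` the second hunk turns `STOP make sure peer configurations are setup properly` into `# STOP ...`, removing the manual checkpoint that sat before `module.peer_services_main_west` and `module.peer_services_main_east`; if that check is obsolete the commit message should say why, rather than leaving the instruction as a commented line that still reads as a requirement. The same hunk appends a second `ALL` after the existing `ALL`, which looks accidental unless the runner deliberately applies twice — confirm which and drop one if not. The commit message `update examples` explains neither change.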