- autogenerate passwords and cookie secret

- add ability to provide volume type and size
- add ability to provide additional security groups both for ELB and
RabbitMQ nodes
- add create_before_destroy for launch configuration
- consistent resource naming to allow creating multiple clusters
- add min_size max_size and desired_size vars for ASG

Author: krotkiewicz

.gitignore

@@ -3,3 +3,4 @@
 *.tfvars
 *.lock.info
 .terraform
+.idea

.travis.yml

@@ -0,0 +1,42 @@
+language: ruby
+sudo: required
+dist: trusty
+
+services:
+- docker
+
+rvm:
+- 2.4.2
+
+before_install:
+- echo "before_install"
+
+install:
+- echo "install"
+- gem install bundler --no-rdoc --no-ri
+- bundle install
+
+before_script:
+- echo 'before_script'
+- export AWS_REGION='us-east-1'
+- export TF_VAR_region=${AWS_REGION}
+- echo "using AWS_REGION=${AWS_REGION}"
+- export TF_WARN_OUTPUT_ERRORS=1
+- curl --silent --output terraform.zip https://releases.hashicorp.com/terraform/0.11.8/terraform_0.11.8_linux_amd64.zip
+- sha256sum terraform.zip  | grep "84ccfb8e13b5fce63051294f787885b76a1fedef6bdbecf51c5e586c9e20c9b7"
+- unzip terraform.zip ; rm -f terraform.zip; chmod +x terraform
+- mkdir -p ${HOME}/bin ; export PATH=${PATH}:${HOME}/bin; mv terraform ${HOME}/bin/
+- terraform -v
+
+script:
+- echo 'script'
+- terraform init
+- terraform fmt -check=true
+- terraform validate -var "region=${AWS_REGION}" -var "vpc_id=vpc-123456" -var "subnets=[\"subnet-12345a\"]" -var "workers_ami_id=ami-123456" -var "cluster_ingress_cidrs=[]" -var "cluster_name=test_cluster"
+# - docker run --rm -v $(pwd):/app/ --workdir=/app/ -t wata727/tflint --error-with-issues
+- cd examples/eks_test_fixture
+- terraform init
+- terraform fmt -check=true
+- terraform validate
+- cd -
+- terraform -v

README.md

@@ -3,7 +3,7 @@
 
 ## What it does ?
 
-1. Creates `${var.count}` nodes in `${var.subnet_ids}` subnets
+1. Creates `N` nodes in `M` subnets
 1. Creates Autoscaling Group and ELB to load balance nodes
 1. Makes sure nodes can talk to each other and create cluster
 1. Make sure new nodes always join the cluster
@@ -16,28 +16,24 @@
 
 
 ## How to use it ?
-
-Clone the repo, go to `example` directory, create `terraform.tfvars` file with content:
+Copy and paste into your Terraform configuration:
 ```
-region = "<REGION-HERE>"
-access_key = "<YOUR-KEY-HERE>"
-secret_key = "<YOUR-SECRET-HERE>"
-ssh_key_name = "<SSH-KEY-NAME>"
-instance_type = "t2.small"
-vpc_id = "<VPC-ID>"
-subnet_ids = ["<SUBNET-ID-1>", "<SUBNET-ID-2>"]
-ssh_security_group_ids = []
-elb_security_group_ids = []
-
-rabbitmq_admin_password = "example-password"
-rabbitmq_rabbit_password = "example-password"
-rabbitmq_secret_cookie = "example-secret-cookie"
-rabbitmq_node_count = 3
+module "rabbitmq" {
+  source                            = "ulamlabs/rabbitmq/aws"
+  version                           = "2.0.0"
+  vpc_id                            = "${var.vpc_id}"
+  ssh_key_name                      = "${var.ssh_key_name}"
+  subnet_ids                        = "${var.subnet_ids}"
+  elb_additional_security_group_ids = ["var.cluster_security_group_id"]
+  min_size                          = "3"
+  max_size                          = "3"
+  desired_size                      = "3"
+}
 ```
 
-then run `terraform get`, `terraform plan` and `terraform apply`.
+then run `terraform init`, `terraform plan` and `terraform apply`.
 
-Are 3 node not enough ? Update `count` to `5` and run `terraform apply` again,
+Are 3 node not enough ? Update sizes to `5` and run `terraform apply` again,
 it will update Autoscaling Group and add `2` nodes more. Dead simple.
 
 Node becomes unresponsive ? Autoscaling group and ELB Health Checks will automatically replace it with new one, without data loss.

cloud-init.yaml

@@ -69,7 +69,7 @@ runcmd:
   - service docker start
   - chkconfig docker on
   - usermod -a -G docker ec2-user
-  - docker run -d --name rabbitmq --hostname $HOSTNAME -p 4369:4369 -p 5672:5672 -p 15672:15672 -p 25672:25672 -e RABBITMQ_ERLANG_COOKIE='${secret_cookie}' -v /root/data:/var/lib/rabbitmq -v /root/conf/:/etc/rabbitmq -v /root/bin:/tmp/bin rabbitmq:3-management
+  - docker run -d --name rabbitmq --hostname $HOSTNAME -p 4369:4369 -p 5672:5672 -p 15672:15672 -p 25672:25672 -e RABBITMQ_ERLANG_COOKIE='${secret_cookie}' -e RABBITMQ_USE_LONGNAME=true -v /root/data:/var/lib/rabbitmq -v /root/conf/:/etc/rabbitmq -v /root/bin:/tmp/bin rabbitmq:3-management
   - sleep 1
   - docker exec rabbitmq bash /tmp/bin/join_cluster.sh $(bash /root/find_hosts.sh)
   - sleep 1

example/main.tf

@@ -5,12 +5,15 @@ variable "region" {}
 variable "vpc_id" {}
 variable "ssh_key_name" {}
 variable "instance_type" {}
+
 variable "subnet_ids" {
   type = "list"
 }
+
 variable "ssh_security_group_ids" {
   type = "list"
 }
+
 variable "elb_security_group_ids" {
   type = "list"
 }
@@ -27,16 +30,16 @@ provider "aws" {
 }
 
 module "rabbitmq" {
-  source = "github.com/ulamlabs/rabbitmq-cluster"
-  region = "${var.region}"
-  vpc_id = "${var.vpc_id}"
-  ssh_key_name = "${var.ssh_key_name}"
-  instance_type = "${var.instance_type}"
-  subnet_ids = "${var.subnet_ids}"
+  source                 = "github.com/ulamlabs/rabbitmq-cluster"
+  region                 = "${var.region}"
+  vpc_id                 = "${var.vpc_id}"
+  ssh_key_name           = "${var.ssh_key_name}"
+  instance_type          = "${var.instance_type}"
+  subnet_ids             = "${var.subnet_ids}"
   ssh_security_group_ids = "${var.ssh_security_group_ids}"
   elb_security_group_ids = "${var.elb_security_group_ids}"
-  admin_password = "${var.rabbitmq_admin_password}"
-  rabbit_password = "${var.rabbitmq_rabbit_password}"
+  admin_password         = "${var.rabbitmq_admin_password}"
+  rabbit_password        = "${var.rabbitmq_rabbit_password}"
   rabbitmq_secret_cookie = "${var.rabbitmq_secret_cookie}"
-  count = "${var.rabbitmq_node_count}"
+  count                  = "${var.rabbitmq_node_count}"
 }

main.tf

@@ -2,6 +2,8 @@ data "aws_vpc" "vpc" {
   id = "${var.vpc_id}"
 }
 
+data "aws_region" "current" {}
+
 data "aws_ami_ids" "ami" {
   owners = ["amazon"]
 
@@ -11,6 +13,21 @@ data "aws_ami_ids" "ami" {
   }
 }
 
+resource "random_string" "admin_password" {
+  length  = 32
+  special = false
+}
+
+resource "random_string" "rabbit_password" {
+  length  = 32
+  special = false
+}
+
+resource "random_string" "secret_cookie" {
+  length  = 64
+  special = false
+}
+
 data "aws_iam_policy_document" "policy_doc" {
   statement {
     actions = ["sts:AssumeRole"]
@@ -27,22 +44,23 @@ data "template_file" "cloud-init" {
 
   vars {
     sync_node_count = 3
-    region            = "${var.region}"
-    secret_cookie     = "${var.rabbitmq_secret_cookie}"
-    admin_password    = "${var.admin_password}"
-    rabbit_password   = "${var.rabbit_password}"
-    message_timeout   = "${3 * 24 * 60 * 60 * 1000}"  # 3 days
+    region          = "${data.aws_region.current.name}"
+    admin_password  = "${random_string.admin_password.result}"
+    rabbit_password = "${random_string.rabbit_password.result}"
+    secret_cookie   = "${random_string.secret_cookie.result}"
+    message_timeout = "${3 * 24 * 60 * 60 * 1000}"              # 3 days
   }
 }
 
 resource "aws_iam_role" "role" {
-  name               = "rabbitmq"
+  name               = "rabbitmq-${var.name}"
   assume_role_policy = "${data.aws_iam_policy_document.policy_doc.json}"
 }
 
 resource "aws_iam_role_policy" "policy" {
-  name   = "rabbitmq"
-  role   = "${aws_iam_role.role.id}"
+  name = "rabbitmq-${var.name}"
+  role = "${aws_iam_role.role.id}"
+
   policy = <<EOF
 {
     "Version": "2012-10-17",
@@ -63,30 +81,15 @@ EOF
 }
 
 resource "aws_iam_instance_profile" "profile" {
-  name = "rabbitmq"
-  role = "${aws_iam_role.role.name}"
+  name_prefix = "rabbitmq-${var.name}"
+  role        = "${aws_iam_role.role.name}"
 }
 
-
 resource "aws_security_group" "rabbitmq_elb" {
-  name        = "rabbitmq_elb"
+  name        = "rabbitmq_elb-${var.name}"
   vpc_id      = "${var.vpc_id}"
   description = "Security Group for the rabbitmq elb"
 
-  ingress {
-    protocol        = "tcp"
-    from_port       = 5672
-    to_port         = 5672
-    security_groups = ["${var.elb_security_group_ids}"]
-  }
-
-  ingress {
-    protocol        = "tcp"
-    from_port       = 80
-    to_port         = 80
-    security_groups = ["${var.elb_security_group_ids}"]
-  }
-
   egress {
     protocol    = "-1"
     from_port   = 0
@@ -95,12 +98,12 @@ resource "aws_security_group" "rabbitmq_elb" {
   }
 
   tags {
-    Name = "rabbitmq elb"
+    Name = "rabbitmq ${var.name} ELB"
   }
 }
 
 resource "aws_security_group" "rabbitmq_nodes" {
-  name        = "rabbitmq-nodes"
+  name        = "rabbitmq-${var.name}-nodes"
   vpc_id      = "${var.vpc_id}"
   description = "Security Group for the rabbitmq nodes"
 
@@ -125,42 +128,47 @@ resource "aws_security_group" "rabbitmq_nodes" {
     security_groups = ["${aws_security_group.rabbitmq_elb.id}"]
   }
 
-  ingress {
-    protocol        = "tcp"
-    from_port       = 22
-    to_port         = 22
-    security_groups = ["${var.ssh_security_group_ids}"]
-  }
-
   egress {
-    protocol    = "-1"
-    from_port   = 0
-    to_port     = 0
+    protocol  = "-1"
+    from_port = 0
+    to_port   = 0
+
     cidr_blocks = [
-      "0.0.0.0/0"
+      "0.0.0.0/0",
     ]
   }
 
   tags {
-    Name = "rabbitmq nodes"
+    Name = "rabbitmq ${var.name} nodes"
   }
 }
 
 resource "aws_launch_configuration" "rabbitmq" {
-  name                 = "rabbitmq"
+  name_prefix          = "rabbitmq-${var.name}-"
   image_id             = "${data.aws_ami_ids.ami.ids[0]}"
   instance_type        = "${var.instance_type}"
   key_name             = "${var.ssh_key_name}"
-  security_groups      = ["${aws_security_group.rabbitmq_nodes.id}"]
+  security_groups      = ["${aws_security_group.rabbitmq_nodes.id}", "${var.nodes_additional_security_group_ids}"]
   iam_instance_profile = "${aws_iam_instance_profile.profile.id}"
   user_data            = "${data.template_file.cloud-init.rendered}"
+
+  root_block_device {
+    volume_type           = "${var.instance_volume_type}"
+    volume_size           = "${var.instance_volume_size}"
+    iops                  = "${var.instance_volume_iops}"
+    delete_on_termination = true
+  }
+
+  lifecycle {
+    create_before_destroy = true
+  }
 }
 
 resource "aws_autoscaling_group" "rabbitmq" {
-  name                      = "rabbitmq"
-  max_size                  = "${var.count}"
-  min_size                  = "${var.count}"
-  desired_capacity          = "${var.count}"
+  name_prefix               = "rabbitmq-${var.name}-"
+  min_size                  = "${var.min_size}"
+  desired_capacity          = "${var.desired_size}"
+  max_size                  = "${var.max_size}"
   health_check_grace_period = 300
   health_check_type         = "ELB"
   force_delete              = true
@@ -169,27 +177,27 @@ resource "aws_autoscaling_group" "rabbitmq" {
   vpc_zone_identifier       = ["${var.subnet_ids}"]
 
   tag {
-    key = "Name"
-    value = "rabbitmq"
+    key                 = "Name"
+    value               = "rabbitmq-${var.name}"
     propagate_at_launch = true
   }
 }
 
 resource "aws_elb" "elb" {
-  name                 = "rabbit-elb"
+  name = "rabbitmq-${var.name}-elb"
 
   listener {
-    instance_port      = 5672
-    instance_protocol  = "tcp"
-    lb_port            = 5672
-    lb_protocol        = "tcp"
+    instance_port     = 5672
+    instance_protocol = "tcp"
+    lb_port           = 5672
+    lb_protocol       = "tcp"
   }
 
   listener {
-    instance_port      = 15672
-    instance_protocol  = "http"
-    lb_port            = 80
-    lb_protocol        = "http"
+    instance_port     = 15672
+    instance_protocol = "http"
+    lb_port           = 80
+    lb_protocol       = "http"
   }
 
   health_check {
@@ -200,12 +208,12 @@ resource "aws_elb" "elb" {
     target              = "TCP:5672"
   }
 
-  subnets               = ["${var.subnet_ids}"]
-  idle_timeout          = 3600
-  internal              = true
-  security_groups       = ["${aws_security_group.rabbitmq_elb.id}"]
+  subnets         = ["${var.subnet_ids}"]
+  idle_timeout    = 3600
+  internal        = true
+  security_groups = ["${aws_security_group.rabbitmq_elb.id}", "${var.elb_additional_security_group_ids}"]
 
   tags {
-    Name = "rabbitmq"
+    Name = "rabbitmq-${var.name}"
   }
 }