initial commit

.gitignore

@@ -0,0 +1,5 @@
+.terraform/
+*.tfstate
+*.tfstate.backup
+*.plan
+*.tfvars

Makefile

@@ -0,0 +1,20 @@
+LAST_TAG := $(shell git describe --abbrev=0 --tags)
+COMMITS := $(shell git rev-list -1 $(LAST_TAG)..HEAD)
+
+patch: NEXT_VERSION = $(shell echo $(LAST_TAG) | awk -F'[v.]' '{$$4++; print $$2"."$$3"."$$4}')
+minor: NEXT_VERSION = $(shell echo $(LAST_TAG) | awk -F'[v.]' '{$$3++; print $$2"."$$3".0"}')
+major: NEXT_VERSION = $(shell echo $(LAST_TAG) | awk -F'[v.]' '{$$2++; print $$2".0.0"}')
+
+patch minor major: graph
+	@if [ -z "${COMMITS}" ]; then echo "No new commits found after ${LAST_TAG}, aborting."; fi
+	@if [ -n "${COMMITS}" ]; then git tag -s "v${NEXT_VERSION}" -m "Version ${NEXT_VERSION}"; fi
+
+release: check
+	@git push origin HEAD:master
+	@git push --tags origin HEAD:master
+	@hub release create "v${NEXT_VERSION}"
+
+check:
+	@if ! which hub terraform dot > /dev/null; then echo "Missing dependency. Required: hub, terraform, dot." && exit 1; fi;
+
+.PHONY: patch minor major release check

README.md

@@ -0,0 +1,50 @@
+# DCOS Terraform Module
+
+Using this [Terraform][] [module][], you can launch your own [DCOS][] cluster.
+
+## Configurables
+
+See [`variables.tf`](variables.tf) for a list of configurable parameters.
+
+[Terraform]: https://www.terraform.io
+[module]: https://www.terraform.io/docs/modules/index.html
+[DCOS]: https://mesosphere.com/learn/
+
+## Module Instructions
+
+To include this module in your Terraform code-base, use the following snippet:
+
+```terraform
+module "dcos" {
+  source = "github.com/jeanmertz/terraform-dcos"
+
+  aws_access_key = "..."
+  aws_secret_key = "..."
+  aws_region     = "eu-central-1"
+  ssh_public_key = "ssh-rsa ..."
+
+  ...
+}
+```
+
+Then run `terraform get` to retrieve this module.
+
+## Stand-Alone Instructions
+
+Any Terraform module can also be used on its own. To do so, follow these
+instructions:
+
+* clone the repository
+* create a `terraform.tfvars` file with all the (required) variables
+* *optionslly* run `terraform plan -out terraform.plan`
+* run `terraform apply [terraform.plan]`
+
+## Origin
+
+This module is an implementation of the official "Single Master"
+[AWS Cloud Formation template][].
+
+The [CF JSON file](origin.json) is included in this repository, to more easily
+track updates and implement those in the Terraform implementation.
+
+[AWS Cloud Formation template]: https://s3.amazonaws.com/downloads.mesosphere.io/dcos/stable/single-master.cloudformation.json

admin_security_group.tf

@@ -0,0 +1,26 @@
+resource "aws_security_group" "admin" {
+  name = "admin"
+  description = "Enable admin access to servers"
+
+  vpc_id = "${aws_vpc.dcos.id}"
+}
+
+resource "aws_security_group_rule" "admin_ingress_all" {
+  security_group_id = "${aws_security_group.admin.id}"
+
+  type = "ingress"
+  from_port = 0
+  to_port = 65535
+  protocol = "-1"
+  cidr_blocks = ["${var.admin_location}"]
+}
+
+resource "aws_security_group_rule" "admin_egress_all" {
+  security_group_id = "${aws_security_group.admin.id}"
+
+  type = "egress"
+  from_port = 0
+  to_port = 65535
+  protocol = "-1"
+  cidr_blocks = ["0.0.0.0/0"]
+}

dhcp_options.tf

@@ -0,0 +1,9 @@
+resource "aws_vpc_dhcp_options" "dcos" {
+  domain_name = "${var.aws_region}.compute.internal"
+  domain_name_servers = ["AmazonProvidedDNS"]
+}
+
+resource "aws_vpc_dhcp_options_association" "dcos" {
+  vpc_id = "${aws_vpc.dcos.id}"
+  dhcp_options_id = "${aws_vpc_dhcp_options.dcos.id}"
+}

host_keys.tf

@@ -0,0 +1,52 @@
+resource "aws_iam_access_key" "host_keys" {
+  user = "${aws_iam_user.dcos.name}"
+}
+
+resource "aws_iam_user" "dcos" {
+  name = "dcos"
+}
+
+resource "aws_iam_user_policy" "dcos" {
+    name = "dcos"
+    user = "${aws_iam_user.dcos.name}"
+    policy = <<EOF
+{
+  "Statement": [
+    {
+      "Resource": [
+        "arn:aws:s3:::${aws_s3_bucket.exhibitor.id}/*",
+        "arn:aws:s3:::${aws_s3_bucket.exhibitor.id}"
+      ],
+      "Action": [
+        "s3:AbortMultipartUpload",
+        "s3:DeleteObject",
+        "s3:GetBucketAcl",
+        "s3:GetBucketPolicy",
+        "s3:GetObject",
+        "s3:GetObjectAcl",
+        "s3:ListBucket",
+        "s3:ListBucketMultipartUploads",
+        "s3:ListMultipartUploadParts",
+        "s3:PutObject",
+        "s3:PutObjectAcl"
+      ],
+      "Effect": "Allow"
+    },
+    {
+      "Resource": "*",
+      "Action": [
+        "ec2:DescribeKeyPairs",
+        "ec2:DescribeSubnets",
+        "autoscaling:DescribeLaunchConfigurations",
+        "autoscaling:UpdateAutoScalingGroup",
+        "autoscaling:DescribeAutoScalingGroups",
+        "autoscaling:DescribeScalingActivities",
+        "elasticloadbalancing:DescribeLoadBalancers"
+      ],
+      "Effect": "Allow"
+    }
+  ],
+  "Version": "2012-10-17"
+}
+EOF
+}

internal_master_load_balancer.tf

@@ -0,0 +1,64 @@
+resource "aws_elb" "internal_master" {
+  name = "internal-master-load-balancer"
+  internal = true
+  subnets = ["${aws_subnet.public.id}"]
+
+  security_groups = [
+    "${aws_security_group.master_lb.id}",
+    "${aws_security_group.admin.id}",
+    "${aws_security_group.slave.id}",
+    "${aws_security_group.public_slave.id}",
+    "${aws_security_group.master.id}"
+  ]
+
+  health_check {
+    healthy_threshold = 2
+    unhealthy_threshold = 2
+    timeout = 5
+    target = "HTTP:5050/health"
+    interval = 30
+  }
+
+  listener {
+    instance_port = 5050
+    instance_protocol = "http"
+    lb_port = 5050
+    lb_protocol = "http"
+  }
+
+  listener {
+    instance_port = 2181
+    instance_protocol = "tcp"
+    lb_port = 2181
+    lb_protocol = "tcp"
+  }
+
+  listener {
+    instance_port = 8181
+    instance_protocol = "http"
+    lb_port = 8181
+    lb_protocol = "http"
+  }
+
+
+  listener {
+    instance_port = 80
+    instance_protocol = "http"
+    lb_port = 80
+    lb_protocol = "http"
+  }
+
+  listener {
+    instance_port = 443
+    instance_protocol = "tcp"
+    lb_port = 443
+    lb_protocol = "tcp"
+  }
+
+  listener {
+    instance_port = 8080
+    instance_protocol = "http"
+    lb_port = 8080
+    lb_protocol = "http"
+  }
+}

internet_gateway.tf

@@ -0,0 +1,8 @@
+resource "aws_internet_gateway" "dcos" {
+  vpc_id = "${aws_vpc.dcos.id}"
+
+  tags {
+    Application = "${var.stack_name}"
+    Network = "Public"
+  }
+}

key_pair.tf

@@ -0,0 +1,4 @@
+resource "aws_key_pair" "dcos" {
+  key_name = "dcos-main"
+  public_key = "${var.ssh_public_key}"
+}

lb_security_group.tf

@@ -0,0 +1,26 @@
+resource "aws_security_group" "master_lb" {
+  name = "master_lb"
+  description = "Mesos Master LB"
+
+  vpc_id = "${aws_vpc.dcos.id}"
+}
+
+resource "aws_security_group_rule" "master_lb_ingress_slave_2181" {
+  security_group_id = "${aws_security_group.master_lb.id}"
+
+  type = "ingress"
+  from_port = 2181
+  to_port = 2181
+  protocol = "tcp"
+  source_security_group_id = "${aws_security_group.slave.id}"
+}
+
+resource "aws_security_group_rule" "master_lb_egress_all" {
+  security_group_id = "${aws_security_group.master_lb.id}"
+
+  type = "egress"
+  from_port = 0
+  to_port = 65535
+  protocol = "-1"
+  cidr_blocks = ["0.0.0.0/0"]
+}

load_balancer.tf

@@ -0,0 +1,66 @@
+resource "aws_elb" "dcos" {
+  name = "dcos-load-balancer"
+  subnets = ["${aws_subnet.public.id}"]
+
+  security_groups = [
+    "${aws_security_group.master_lb.id}",
+    "${aws_security_group.admin.id}"
+  ]
+
+  health_check {
+    healthy_threshold = 2
+    unhealthy_threshold = 2
+    timeout = 5
+    target = "HTTP:5050/health"
+    interval = 30
+  }
+
+  listener {
+    instance_port = 22
+    instance_protocol = "tcp"
+    lb_port = 2222
+    lb_protocol = "tcp"
+  }
+
+  listener {
+    instance_port = 5050
+    instance_protocol = "http"
+    lb_port = 5050
+    lb_protocol = "http"
+  }
+
+  listener {
+    instance_port = 2181
+    instance_protocol = "tcp"
+    lb_port = 2181
+    lb_protocol = "tcp"
+  }
+
+  listener {
+    instance_port = 8181
+    instance_protocol = "http"
+    lb_port = 8181
+    lb_protocol = "http"
+  }
+
+  listener {
+    instance_port = 80
+    instance_protocol = "http"
+    lb_port = 80
+    lb_protocol = "http"
+  }
+
+  listener {
+    instance_port = 443
+    instance_protocol = "tcp"
+    lb_port = 443
+    lb_protocol = "tcp"
+  }
+
+  listener {
+    instance_port = 8080
+    instance_protocol = "http"
+    lb_port = 8080
+    lb_protocol = "http"
+  }
+}

master_instance_profile.tf

@@ -0,0 +1,5 @@
+resource "aws_iam_instance_profile" "master" {
+  name = "master"
+  path = "/"
+  roles = ["${aws_iam_role.master.name}"]
+}

master_launch_configuration.tf

@@ -0,0 +1,40 @@
+resource "aws_launch_configuration" "master" {
+  iam_instance_profile = "${aws_iam_instance_profile.master.id}"
+  security_groups = [
+    "${aws_security_group.master.id}",
+    "${aws_security_group.admin.id}"
+  ]
+  image_id = "${var.instance_ami}"
+  instance_type = "${var.master_instance_type}"
+  key_name = "${aws_key_pair.dcos.key_name}"
+  user_data = "${template_file.master_user_data.rendered}"
+  associate_public_ip_address = true
+
+  root_block_device {
+    volume_type = "gp2"
+    volume_size = "64"
+    delete_on_termination = true
+  }
+
+  lifecycle {
+    create_before_destroy = false
+  }
+}
+
+resource "template_file" "master_user_data" {
+  filename = "master_user_data.yml"
+
+  vars {
+    stack_name                  = "${var.stack_name}"
+    aws_region                  = "${var.aws_region}"
+    aws_access_key_id           = "${aws_iam_access_key.host_keys.id}"
+    aws_secret_access_key       = "${aws_iam_access_key.host_keys.secret}"
+    fallback_dns                = "${var.fallback_dns}"
+    internal_master_lb_dns_name = "${aws_elb.internal_master.dns_name}"
+    dcos_lb_dns_name            = "${aws_elb.dcos.dns_name}"
+    exhibitor_s3_bucket         = "${aws_s3_bucket.exhibitor.id}"
+    bootstrap_repo_root         = "${var.bootstrap_repo_root}"
+    mesos_quorum                = "${var.master_quorum_count}"
+    master_instance_count       = "${var.master_instance_count}"
+  }
+}