Merge pull request #217 from wking/aws-bootstrap-module

modules/aws/bootstrap: Pull AWS bootstrap setup into a module

modules/aws/bootstrap/README.md

@@ -0,0 +1,51 @@
+# Bootstrap Module
+
+This [Terraform][] [module][] manages [AWS][] resources only needed during cluster bootstrapping.
+It uses [implicit provider inheritance][implicit-provider-inheritance] to access the [AWS provider][AWS-provider].
+
+## Example
+
+Set up a `main.tf` with:
+
+```hcl
+provider "aws" {
+  region = "us-east-1"
+}
+
+resource "aws_s3_bucket" "example" {
+}
+
+resource "aws_vpc" "example" {
+  cidr_block           = "10.0.0.0/16"
+  enable_dns_hostnames = true
+  enable_dns_support   = true
+}
+
+resource "aws_subnet" "example" {
+  vpc_id     = "${aws_vpc.example.id}"
+  cidr_block = "${aws_vpc.example.cidr_block}"
+}
+
+module "bootstrap" {
+  source = "github.com/openshift/installer//modules/aws/bootstrap"
+
+  ami            = "ami-07307c397daf4d02e"
+  bucket         = "${aws_s3_bucket.example.id}"
+  cluster_name   = "my-cluster"
+  ignition       = "{\"ignition\": {\"version\": \"2.2.0\"}}",
+  subnet_id      = "${aws_subnet.example.id}"
+}
+```
+
+Then run:
+
+```console
+$ terraform init
+$ terraform plan
+```
+
+[AWS]: https://aws.amazon.com/
+[AWS-provider]: https://www.terraform.io/docs/providers/aws/
+[implicit-provider-inheritance]: https://www.terraform.io/docs/modules/usage.html#implicit-provider-inheritance
+[module]: https://www.terraform.io/docs/modules/
+[Terraform]: https://www.terraform.io/

modules/aws/bootstrap/main.tf

@@ -0,0 +1,127 @@
+resource "aws_s3_bucket_object" "ignition" {
+  bucket  = "${var.bucket}"
+  key     = "bootstrap.ign"
+  content = "${var.ignition}"
+  acl     = "private"
+
+  server_side_encryption = "AES256"
+
+  tags = "${var.tags}"
+
+  lifecycle {
+    ignore_changes = ["*"]
+  }
+}
+
+data "ignition_config" "redirect" {
+  replace {
+    source = "s3://${var.bucket}/bootstrap.ign"
+  }
+}
+
+resource "aws_iam_instance_profile" "bootstrap" {
+  name = "${var.cluster_name}-bootstrap-profile"
+
+  role = "${var.iam_role == "" ?
+    join("|", aws_iam_role.bootstrap.*.name) :
+    join("|", data.aws_iam_role.bootstrap.*.name)
+  }"
+}
+
+data "aws_iam_role" "bootstrap" {
+  count = "${var.iam_role == "" ? 0 : 1}"
+  name  = "${var.iam_role}"
+}
+
+resource "aws_iam_role" "bootstrap" {
+  count = "${var.iam_role == "" ? 1 : 0}"
+  name  = "${var.cluster_name}-bootstrap-role"
+  path  = "/"
+
+  assume_role_policy = <<EOF
+{
+    "Version": "2012-10-17",
+    "Statement": [
+        {
+            "Action": "sts:AssumeRole",
+            "Principal": {
+                "Service": "ec2.amazonaws.com"
+            },
+            "Effect": "Allow",
+            "Sid": ""
+        }
+    ]
+}
+EOF
+}
+
+resource "aws_iam_role_policy" "bootstrap" {
+  count = "${var.iam_role == "" ? 1 : 0}"
+  name  = "${var.cluster_name}-bootstrap-policy"
+  role  = "${aws_iam_role.bootstrap.id}"
+
+  policy = <<EOF
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Action": "ec2:Describe*",
+      "Resource": "*"
+    },
+    {
+      "Effect": "Allow",
+      "Action": "ec2:AttachVolume",
+      "Resource": "*"
+    },
+    {
+      "Effect": "Allow",
+      "Action": "ec2:DetachVolume",
+      "Resource": "*"
+    },
+    {
+      "Action" : [
+        "s3:GetObject"
+      ],
+      "Resource": "arn:aws:s3:::*",
+      "Effect": "Allow"
+    }
+  ]
+}
+EOF
+}
+
+resource "aws_instance" "bootstrap" {
+  ami = "${var.ami}"
+
+  iam_instance_profile        = "${aws_iam_instance_profile.bootstrap.name}"
+  instance_type               = "${var.instance_type}"
+  subnet_id                   = "${var.subnet_id}"
+  user_data                   = "${data.ignition_config.redirect.rendered}"
+  vpc_security_group_ids      = ["${var.vpc_security_group_ids}"]
+  associate_public_ip_address = "${var.associate_public_ip_address}"
+
+  lifecycle {
+    # Ignore changes in the AMI which force recreation of the resource. This
+    # avoids accidental deletion of nodes whenever a new OS release comes out.
+    ignore_changes = ["ami"]
+  }
+
+  tags = "${merge(map(
+    "kubernetes.io/cluster/${var.cluster_name}", "owned",
+  ), var.tags)}"
+
+  root_block_device {
+    volume_type = "${var.volume_type}"
+    volume_size = "${var.volume_size}"
+    iops        = "${var.volume_type == "io1" ? var.volume_iops : 0}"
+  }
+
+  volume_tags = "${var.tags}"
+}
+
+resource "aws_elb_attachment" "bootstrap" {
+  count    = "${length(var.elbs)}"
+  elb      = "${var.elbs[count.index]}"
+  instance = "${aws_instance.bootstrap.id}"
+}

modules/aws/bootstrap/variables.tf

@@ -0,0 +1,77 @@
+variable "ami" {
+  type        = "string"
+  description = "The AMI ID for the bootstrap node."
+}
+
+variable "associate_public_ip_address" {
+  default     = false
+  description = "If set to true, public-facing ingress resources are created."
+}
+
+variable "bucket" {
+  type        = "string"
+  description = "The S3 bucket name for bootstrap ignition file."
+}
+
+variable "cluster_name" {
+  type        = "string"
+  description = "The name of the cluster."
+}
+
+variable "elbs" {
+  type        = "list"
+  default     = []
+  description = "Elastic load balancer IDs to attach to the bootstrap node."
+}
+
+variable "iam_role" {
+  type        = "string"
+  default     = ""
+  description = "The name of the IAM role to assign to the bootstrap node."
+}
+
+variable "ignition" {
+  type        = "string"
+  description = "The content of the bootstrap ignition file."
+}
+
+variable "instance_type" {
+  type        = "string"
+  default     = "t2.medium"
+  description = "The EC2 instance type for the bootstrap node."
+}
+
+variable "subnet_id" {
+  type        = "string"
+  description = "The subnet ID for the bootstrap node."
+}
+
+variable "tags" {
+  type        = "map"
+  default     = {}
+  description = "AWS tags to be applied to created resources."
+}
+
+variable "volume_iops" {
+  type        = "string"
+  default     = "100"
+  description = "The amount of IOPS to provision for the disk."
+}
+
+variable "volume_size" {
+  type        = "string"
+  default     = "30"
+  description = "The volume size (in gibibytes) for the bootstrap node's root volume."
+}
+
+variable "volume_type" {
+  type        = "string"
+  default     = "gp2"
+  description = "The volume type for the bootstrap node's root volume."
+}
+
+variable "vpc_security_group_ids" {
+  type        = "list"
+  default     = []
+  description = "VPC security group IDs for the bootstrap node."
+}