WIP: Launch an on demand AWS workspace instance

logsearch · Aug 6, 2015 · 530a72b · mrdavidlaing · Aug 6, 2015 · simonjohansson
1 parent 0bb566d
commit 530a72b
Show file tree

Hide file tree

Showing 4 changed files with 130 additions and 28 deletions.
diff --git a/.gitignore b/.gitignore
@@ -34,4 +34,5 @@ build/
 .rvmrc
 
 .vagrant/
-workspace/
+workspace/
+*.tfstate*
diff --git a/_setup/terraform/aws-workspace/README.md b/_setup/terraform/aws-workspace/README.md
@@ -10,6 +10,20 @@ export TF_VAR_workspace_security_group_id1="sg-6a1a080e" #stayup-pcf-VMs
 export TF_VAR_workspace_security_group_id2="sg-65fa4302" #staff_office_ips
 
 ```
-Make sure that you had `ssh-add`ed the key to your keychain
+0. Make sure your IP is listed in the `staff_office_ips` security group
+0. Make sure that you had `ssh-add`ed the key to your keychain
 
-0. `/path/to/logsearch-workspace/_setup/terraform/aws-workspace$ terraform apply`  
+0. `/path/to/logsearch-workspace/_setup/terraform/aws-workspace$ terraform apply`  
+
+
+## Tricks
+
+0.  Use `terraform taint aws_volume_attachment.workspace_ebs_att` to re-run just the provision.sh script
+
+```
+_setup/terraform/aws-workspace$ terraform taint aws_volume_attachment.workspace_ebs_att
+The resource aws_volume_attachment.workspace_ebs_att in the module root has been marked as tainted!
+_setup/terraform/aws-workspace$ terraform apply
+...snip...
+aws_volume_attachment.workspace_ebs_att: Provisioning with 'remote-exec'...
+```
diff --git a/_setup/terraform/aws-workspace/main.tf b/_setup/terraform/aws-workspace/main.tf
@@ -4,43 +4,100 @@ provider "aws" {
     region = "us-east-1"
 }
 
-resource "aws_spot_instance_request" "workspace_instance" {
-    ami = "ami-3fee3b54" #BOSH lite 9000.38
-    instance_type = "m3.xlarge"
-    spot_price = "0.15"
+resource "aws_ebs_volume" "workspace_disk" {
+   availability_zone = "us-east-1a"
+   size = 10
+   tags {
+       Name = "workspace_disk"
+   }
+}
 
-    wait_for_fulfillment = true
+resource "aws_instance" "workspace_instance" {
+    ami = "ami-3fee3b54" #BOSH lite 9000.38
+    instance_type = "m3.medium"
     key_name = "${var.workspace_key_name}"
     tags {
         Name = "workspace_instance"
     }
 
     subnet_id = "${var.workspace_subnet_id}"
-    #vpc_security_group_ids = ["${var.workspace_security_group_id0}", "${var.workspace_security_group_id1}", "${var.workspace_security_group_id2}"]
+    vpc_security_group_ids = ["${var.workspace_security_group_id0}", "${var.workspace_security_group_id1}", "${var.workspace_security_group_id2}"]
+
+    associate_public_ip_address = "true"
 
     root_block_device {
       volume_type = "gp2"
-      volume_size = 100
+      volume_size = 10
     }
 
+}
+
+resource "aws_volume_attachment" "workspace_ebs_att" {
+    device_name = "/dev/sdf"
+    volume_id = "${aws_ebs_volume.workspace_disk.id}"
+    #instance_id = "${aws_spot_instance_request.workspace_instance.spot_instance_id}"
+    instance_id = "${aws_instance.workspace_instance.id}"
+
     provisioner "remote-exec" {
         script = "provision.sh"
         connection {
+          host = "${aws_instance.workspace_instance.public_ip}"
           user = "ubuntu"
+
         }
     }
 }
 
-resource "aws_ebs_volume" "workspace_disk" {
-   availability_zone = "us-east-1a"
-   size = 40
-   tags {
-       Name = "workspace_disk"
-   }
-}
 
-resource "aws_volume_attachment" "workspace_ebs_att" {
-    device_name = "/dev/sdf"
-    volume_id = "${aws_ebs_volume.workspace_disk.id}"
-    instance_id = "${aws_spot_instance_request.workspace_instance.spot_instance_id}"
-}
+#resource "aws_spot_instance_request" "workspace_instance" {
+#    ami = "ami-3fee3b54" #BOSH lite 9000.38
+#    instance_type = "m3.xlarge"
+#    spot_price = "0.15"
+#
+#    subnet_id = "${var.workspace_subnet_id}"
+#
+#    wait_for_fulfillment = true
+#    key_name = "${var.workspace_key_name}"
+#    tags {
+#        Name = "workspace_instance"
+#    }
+#
+#    root_block_device {
+#      volume_type = "gp2"
+#      volume_size = 100
+#    }
+#}
+#
+#resource "aws_network_interface" "workspace_instance_network_interface" {
+#    subnet_id = "${var.workspace_subnet_id}"
+#    security_groups = ["${var.workspace_security_group_id0}", "${var.workspace_security_group_id1}", "${var.#workspace_security_group_id2}"]
+#    attachment {
+#        instance = "${aws_spot_instance_request.workspace_instance.spot_instance_id}"
+#        device_index = 1
+#    }
+#    tags {
+#        Name = "workspace_instance"
+#    }
+#}
+#
+#
+#resource "aws_eip" "workspace_instance_public_ip" {
+#    network_interface = "${aws_network_interface.workspace_instance_network_interface.id}"
+#
+#    vpc = true
+#    
+#    provisioner "remote-exec" {
+#        script = "provision.sh"
+#        connection {
+#          host = "${aws_eip.workspace_instance_public_ip.public_ip}"
+#          user = "ubuntu"
+#          key_file = "${var.workspace_key_file}"
+#        }
+#    }
+#
+#}
+
+
+
+
+
diff --git a/_setup/terraform/aws-workspace/provision.sh b/_setup/terraform/aws-workspace/provision.sh
@@ -1,10 +1,40 @@
 #!/bin/bash
-echo "Provisioning!"
+echo "Provisioning..."
 
-apt-get -y install git
+sudo apt-get update
+sudo apt-get -y install git
 
-exit 0
+echo "Mounting persistent disk as as /workspaces..."
+# TODO: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-using-volumes.html
 
-git clone https://github.com/logsearch/workspace /root/logsearch-workspace
- cd /root/logsearch-workspace
- _setup/runtime/install_dependancies
+echo "Relocating all user home dirs to /workspaces..."
+# TODO
+
+echo "Installing logsearch-workspace dependancies..."
+# TODO: 
+# sudo git clone https://github.com/logsearch/workspace /root/logsearch-workspace
+# sudo /root/logsearch-workspace/_setup/runtime/install_dependancies
+
+echo "Provision user accounts"
+# TODO - not sure this step can/should be automated
+# steps:
+# sudo /root/logsearch-workspace/_setup/runtime/add_new_workspace --workspace-tenant-number 1 --workspace-username mrdavidlaing --workspace-public-key 'ssh-rsa AAAAB3...' --workspace-homedirs /workspaces
+# sudo /root/logsearch-workspace/_setup/runtime/add_new_workspace --workspace-tenant-number 2 --workspace-username user2 ...
+
+echo "Installing CF..."
+# TODO
+echo "Adding ip-tables routes to CF"
+# PRIVATE_IP=????
+# sudo iptables -t nat -A PREROUTING -p tcp -d $PRIVATE_IP --dport 80 -j DNAT --to 10.244.0.34:80
+# sudo iptables -t nat -A PREROUTING -p tcp -d $PRIVATE_IP --dport 443 -j DNAT --to 10.244.0.34:443
+
+# sudo iptables-save > /etc/iptables/rules.v4
+
+echo "Installing Logsearch..."
+# TODO
+
+echo "=-=-=-=-=-=-=-=-=-=-=-=-=-="
+echo " "
+echo "\o/ Provisioning completed!"
+echo " |"
+echo '/ \'