Upgrade code to be terraform 0.12 compatible (#71)

* .Fix fixed outdated certificate

* .Fix fixed missing ami problem

* .Update use available ami for example

* .Update switch to last pre terraform 12 consul module tag

* .Update switch to consul 0.7.0 module

* .Update upgrade consul example to tf 12

* .Update upgraded consul module to tf 12

* .Update upgrade bastion module to tf 12

* .Update upgrade networking to tf 12

* .Update upgrade nomad module to tf 12

* .Update removed unused consul_cluster_security_group_id

* .Update added needed security groups to enable nomad to register at consul

* .Update upgrade nomad-datacenter module to tf 12

* .Update upgrade ui-access module to tf 12

* .Update added changelog

* .Update upgrade root-module to tf 12

* .Update changelog

* .Fix used available variable instead of removed local

* .Fix used available variable instead of removed local

CHANGELOG.md

@@ -0,0 +1,20 @@
+# Changelog
+
+## v0.2.0 (2019-??-??)
+
+- **major (incompatible)**, Refactor: With [#70](https://github.com/MatthiasScholz/cos/issues/70) the cos module was upgraded to be compatible to terraform 0.12.0.
+  - Furthermore the depending modules where upgraded as well:
+    - terraform-aws-consul from [v0.3.1](https://github.com/hashicorp/terraform-aws-consul/tree/v0.3.1) to [v0.7.0](https://github.com/hashicorp/terraform-aws-consul/tree/v0.7.0)
+    - terraform-aws-nomad from [v0.4.5](https://github.com/hashicorp/terraform-aws-nomad/tree/v0.4.5) to [v0.5.0](https://github.com/hashicorp/terraform-aws-nomad/tree/v0.5.0)
+- License: With [9156e49](https://github.com/MatthiasScholz/cos/commit/9156e49f0eabbfc50100aeb778e6a776ba376b96) the license model was changed from GPL to LGPL, a more relaxed one.
+- Test: With PR [#68](https://github.com/MatthiasScholz/cos/pull/68) tests (terratest) where added to ensure functionality of the COS.
+
+## v0.1.1 (2019-07-20)
+
+## v0.1.0 (2019-06-14)
+
+## v0.0.3 (2019-01-01)
+
+## v0.0.2 (2018-12-13)
+
+## v0.0.1 (2018-04-30)

examples/bastion/main.tf

@@ -6,8 +6,8 @@ locals {
 }
 
 provider "aws" {
-  profile = "${var.deploy_profile}"
-  region  = "${local.aws_region}"
+  profile = var.deploy_profile
+  region  = local.aws_region
 }
 
 resource "random_pet" "unicorn" {
@@ -21,22 +21,22 @@ data "aws_vpc" "default" {
 }
 
 data "aws_subnet_ids" "all" {
-  vpc_id = "${data.aws_vpc.default.id}"
+  vpc_id = data.aws_vpc.default.id
 }
 
 module "bastion" {
   source = "../../modules/bastion"
 
   ## required parameters
-  vpc_id       = "${data.aws_vpc.default.id}"
-  subnet_id    = "${element(data.aws_subnet_ids.all.ids,0)}"
-  ami_id       = "${local.ami_id}"
+  vpc_id       = data.aws_vpc.default.id
+  subnet_id    = element(tolist(data.aws_subnet_ids.all.ids), 0)
+  ami_id       = local.ami_id
   ssh_key_name = "${var.ssh_key_name}"
 
   ## optional parameters
-  aws_region = "${local.aws_region}"
-  env_name   = "${local.env_name}"
-  stack_name = "${local.stack_name}"
+  aws_region = local.aws_region
+  env_name   = local.env_name
+  stack_name = local.stack_name
 
   allowed_ssh_cidr_blocks = {
     "all" = "0.0.0.0/0"

examples/bastion/outputs.tf

@@ -1,5 +1,5 @@
 output "bastion_ip" {
-  value = "${module.bastion.bastion_ip}"
+  value = module.bastion.bastion_ip
 }
 
 output "ssh_login" {

examples/bastion/versions.tf

@@ -0,0 +1,4 @@
+
+terraform {
+  required_version = ">= 0.12"
+}

examples/consul/main.tf

@@ -4,8 +4,8 @@ locals {
 }
 
 provider "aws" {
-  profile = "${var.deploy_profile}"
-  region  = "${var.aws_region}"
+  profile = var.deploy_profile
+  region  = var.aws_region
 }
 
 ### obtaining default vpc, security group and subnet of the env
@@ -14,21 +14,21 @@ data "aws_vpc" "default" {
 }
 
 data "aws_subnet_ids" "all" {
-  vpc_id = "${data.aws_vpc.default.id}"
+  vpc_id = data.aws_vpc.default.id
 }
 
 module "consul" {
   source = "../../modules/consul"
 
   ## required parameters
-  vpc_id     = "${data.aws_vpc.default.id}"
-  subnet_ids = "${data.aws_subnet_ids.all.ids}"
-  ami_id     = "${var.ami_id}"
+  vpc_id     = data.aws_vpc.default.id
+  subnet_ids = data.aws_subnet_ids.all.ids
+  ami_id     = var.ami_id
 
   ## optional parameters
-  aws_region              = "${var.aws_region}"
-  env_name                = "${local.env_name}"
-  stack_name              = "${local.stack_name}"
+  aws_region              = var.aws_region
+  env_name                = local.env_name
+  stack_name              = local.stack_name
   cluster_tag_key         = "consul-servers"
   cluster_tag_value       = "${local.stack_name}-${local.env_name}-consul-srv"
   allowed_ssh_cidr_blocks = ["0.0.0.0/0"]

examples/consul/outputs.tf

@@ -1,15 +1,15 @@
 output "asg_name_consul_servers" {
-  value = "${module.consul.asg_name_consul_servers}"
+  value = module.consul.asg_name_consul_servers
 }
 
 output "security_group_id_consul_servers" {
-  value = "${module.consul.security_group_id_consul_servers}"
+  value = module.consul.security_group_id_consul_servers
 }
 
 output "consul_servers_cluster_tag_key" {
-  value = "${module.consul.consul_servers_cluster_tag_key}"
+  value = module.consul.consul_servers_cluster_tag_key
 }
 
 output "consul_servers_cluster_tag_value" {
-  value = "${module.consul.consul_servers_cluster_tag_value}"
+  value = module.consul.consul_servers_cluster_tag_value
 }

examples/consul/versions.tf

@@ -0,0 +1,4 @@
+
+terraform {
+  required_version = ">= 0.12"
+}

examples/networking/main.tf

@@ -1,9 +1,9 @@
 provider "aws" {
-  profile = "${var.deploy_profile}"
-  region  = "${var.aws_region}"
+  profile = var.deploy_profile
+  region  = var.aws_region
 }
 
 module "networking" {
   source = "../../modules/networking"
-  region = "${var.aws_region}"
+  region = var.aws_region
 }

examples/networking/versions.tf

@@ -0,0 +1,4 @@
+
+terraform {
+  required_version = ">= 0.12"
+}

examples/nomad-datacenter/main.tf

@@ -4,8 +4,8 @@ locals {
 }
 
 provider "aws" {
-  profile = "${var.deploy_profile}"
-  region  = "${var.aws_region}"
+  profile = var.deploy_profile
+  region  = var.aws_region
 }
 
 resource "random_pet" "unicorn" {
@@ -19,11 +19,11 @@ data "aws_vpc" "default" {
 }
 
 data "aws_subnet_ids" "all" {
-  vpc_id = "${data.aws_vpc.default.id}"
+  vpc_id = data.aws_vpc.default.id
 }
 
 resource "aws_security_group" "sg_nomad_server" {
-  vpc_id      = "${data.aws_vpc.default.id}"
+  vpc_id      = data.aws_vpc.default.id
   name_prefix = "sg_nomad_server"
   description = "Sample nomad server sg."
 }
@@ -32,17 +32,17 @@ module "nomad-datacenter" {
   source = "../../modules/nomad-datacenter"
 
   ## required parameters
-  vpc_id                   = "${data.aws_vpc.default.id}"
-  subnet_ids               = "${data.aws_subnet_ids.all.ids}"
-  ami_id                   = "${var.ami_id}"
+  vpc_id                   = data.aws_vpc.default.id
+  subnet_ids               = data.aws_subnet_ids.all.ids
+  ami_id                   = var.ami_id
   consul_cluster_tag_key   = "consul-servers"
   consul_cluster_tag_value = "${local.stack_name}-${local.env_name}-consul-srv"
-  server_sg_id             = "${aws_security_group.sg_nomad_server.id}"
+  server_sg_id             = aws_security_group.sg_nomad_server.id
 
   ## optional parameters
-  aws_region              = "${var.aws_region}"
-  env_name                = "${local.env_name}"
-  stack_name              = "${local.stack_name}"
+  aws_region              = var.aws_region
+  env_name                = local.env_name
+  stack_name              = local.stack_name
   allowed_ssh_cidr_blocks = ["0.0.0.0/0"]
   ssh_key_name            = "${var.ssh_key_name}"
   datacenter_name         = "public-services"
@@ -64,8 +64,11 @@ module "nomad-datacenter" {
     "desired_capacity" = 1
   }
 
-  ebs_block_devices = [{
-    "device_name" = "/dev/xvdf"
-    "volume_size" = "50"
-  }]
+  ebs_block_devices = [
+    {
+      "device_name" = "/dev/xvdf"
+      "volume_size" = "50"
+    },
+  ]
 }
+

examples/nomad-datacenter/vars.tf

@@ -4,7 +4,7 @@ variable "deploy_profile" {
 
 variable "ami_id" {
   description = "Id of the AMI for the nomad and consul nodes."
-  default     = "ami-a23feadf"
+  default     = "ami-09118e4b58586b75d"
 }
 
 variable "aws_region" {

examples/nomad-datacenter/versions.tf

@@ -0,0 +1,4 @@
+
+terraform {
+  required_version = ">= 0.12"
+}

examples/nomad/main.tf

@@ -1,15 +1,15 @@
 locals {
   stack_name               = "COS"
   env_name                 = "playground"
-  consul_ami_id            = "${var.ami_id}"
-  nomad_ami_id             = "${var.ami_id}"
+  consul_ami_id            = var.ami_id
+  nomad_ami_id             = var.ami_id
   consul_cluster_tag_key   = "consul-servers"
   consul_cluster_tag_value = "${local.stack_name}-SDCFG-consul-${random_pet.unicorn.id}"
 }
 
 provider "aws" {
-  profile = "${var.deploy_profile}"
-  region  = "${var.aws_region}"
+  profile = var.deploy_profile
+  region  = var.aws_region
 }
 
 resource "random_pet" "unicorn" {
@@ -23,23 +23,23 @@ data "aws_vpc" "default" {
 }
 
 data "aws_subnet_ids" "all" {
-  vpc_id = "${data.aws_vpc.default.id}"
+  vpc_id = data.aws_vpc.default.id
 }
 
 module "consul" {
   source = "../../modules/consul"
 
   ## required parameters
-  vpc_id     = "${data.aws_vpc.default.id}"
-  subnet_ids = "${data.aws_subnet_ids.all.ids}"
-  ami_id     = "${local.consul_ami_id}"
+  vpc_id     = data.aws_vpc.default.id
+  subnet_ids = data.aws_subnet_ids.all.ids
+  ami_id     = local.consul_ami_id
 
   ## optional parameters
-  aws_region              = "${var.aws_region}"
-  env_name                = "${local.env_name}"
-  stack_name              = "${local.stack_name}"
-  cluster_tag_key         = "${local.consul_cluster_tag_key}"
-  cluster_tag_value       = "${local.consul_cluster_tag_value}"
+  aws_region              = var.aws_region
+  env_name                = local.env_name
+  stack_name              = local.stack_name
+  cluster_tag_key         = local.consul_cluster_tag_key
+  cluster_tag_value       = local.consul_cluster_tag_value
   allowed_ssh_cidr_blocks = ["0.0.0.0/0"]
   ssh_key_name            = "${var.ssh_key_name}"
 }
@@ -48,17 +48,16 @@ module "nomad" {
   source = "../../modules/nomad"
 
   ## required parameters
-  vpc_id                           = "${data.aws_vpc.default.id}"
-  subnet_ids                       = "${data.aws_subnet_ids.all.ids}"
-  ami_id                           = "${local.nomad_ami_id}"
-  consul_cluster_tag_key           = "${local.consul_cluster_tag_key}"
-  consul_cluster_tag_value         = "${local.consul_cluster_tag_value}"
-  consul_cluster_security_group_id = "${module.consul.security_group_id_consul_servers}"
+  vpc_id                           = data.aws_vpc.default.id
+  subnet_ids                       = data.aws_subnet_ids.all.ids
+  ami_id                           = local.nomad_ami_id
+  consul_cluster_tag_key           = local.consul_cluster_tag_key
+  consul_cluster_tag_value         = local.consul_cluster_tag_value
 
   ## optional parameters
-  aws_region              = "${var.aws_region}"
-  env_name                = "${local.env_name}"
-  stack_name              = "${local.stack_name}"
+  aws_region              = var.aws_region
+  env_name                = local.env_name
+  stack_name              = local.stack_name
   allowed_ssh_cidr_blocks = ["0.0.0.0/0"]
   ssh_key_name            = "${var.ssh_key_name}"
   instance_type           = "t2.micro"
@@ -71,3 +70,4 @@ module "nomad" {
     "desired_capacity" = 3
   }
 }
+

examples/nomad/outputs.tf

@@ -1,15 +1,16 @@
 output "aws_region" {
-  value = "${var.aws_region}"
+  value = var.aws_region
 }
 
 output "nomad_servers_cluster_tag_key" {
-  value = "${module.nomad.nomad_servers_cluster_tag_key}"
+  value = module.nomad.nomad_servers_cluster_tag_key
 }
 
 output "nomad_servers_cluster_tag_value" {
-  value = "${module.nomad.nomad_servers_cluster_tag_value}"
+  value = module.nomad.nomad_servers_cluster_tag_value
 }
 
 output "num_nomad_servers" {
-  value = "${module.nomad.num_nomad_servers}"
+  value = module.nomad.num_nomad_servers
 }
+

examples/nomad/sg_consul_nomad.tf

@@ -0,0 +1,26 @@
+locals {
+  # The rule_map contains the spec for the security group rules that should be applied.
+  # An entry is of the form "<description>" = ["<protocol>",<from_port>,<to_port>]
+  rule_map = {
+    "Grants access from nomad (rcp, serf: lan, wan - tcp)" =  ["tcp",8300,8302],
+    "Grants access from nomad (rcp, serf: lan, wan - udp)" =  ["udp",8301,8302],
+    "Grants access from nomad (http)" =  ["tcp",8500,8500],
+    "Grants access from nomad (dns tcp)" =  ["tcp",8600,8600],
+    "Grants access from nomad (dns udp)" =  ["udp",8600,8600],
+  }
+}
+
+# rule granting access from nomad to consul on ports defined in rule_map
+# [nomad>consul]
+resource "aws_security_group_rule" "sgr_nomad_to_consul" {
+
+  for_each = local.rule_map
+
+  type                     = "ingress"
+  description              = each.key
+  protocol                 = element(each.value,0)
+  from_port                = element(each.value,1)
+  to_port                  = element(each.value,2)
+  source_security_group_id = module.nomad.security_group_id_nomad_servers
+  security_group_id        = module.consul.security_group_id_consul_servers
+}

examples/nomad/sg_nomad_consul.tf

@@ -0,0 +1,18 @@
+locals {
+  protocols = ["tcp","udp"]
+}
+
+# rule granting access from consul to nomad server on ports
+# 8300...8302 tcp and udp
+# [consul>nomad] RCP, Serf LAN and WAN, TCP + UDP
+resource "aws_security_group_rule" "sgr_consul_to_nomad_server" {
+  count = length(local.protocols)
+
+  type                     = "ingress"
+  description              = "Grants access from consul server (rcp, serf: lan, wan - ${element(local.protocols,count.index)})"
+  from_port                = 8300
+  to_port                  = 8302
+  protocol                 = element(local.protocols,count.index)
+  source_security_group_id = module.consul.security_group_id_consul_servers
+  security_group_id        = module.nomad.security_group_id_nomad_servers
+}

examples/nomad/vars.tf

@@ -4,7 +4,7 @@ variable "deploy_profile" {
 
 variable "ami_id" {
   description = "Id of the AMI for the nomad and consul nodes."
-  default     = "ami-a23feadf"
+  default     = "ami-09118e4b58586b75d"
 }
 
 variable "ssh_key_name" {