move ec2 key generation to Terraform, unhardcode region

2019-02-24 21:07:30 +03:00 · 2019-02-24 21:07:30 +03:00 · b6b065f98b
parent eb582ce199
commit b6b065f98b
9 changed files with 18 additions and 13 deletions
--- a/deploy.yml
+++ b/deploy.yml
@ -4,9 +4,8 @@
    - { role: check }
    - { role: s3, when: "backend|bool == true" }
    - { role: dynamodb, when: "backend|bool == true" }
-    - { role: ec2_key }
    - { role: main_infra }
  environment:
    AWS_ACCESS_KEY_ID: "{{ aws_access_key }}"
    AWS_SECRET_ACCESS_KEY: "{{ aws_secret_key }}"
-    AWS_REGION: "us-east-1"
+    AWS_REGION: "{{ region }}"
--- a/destroy.yml
+++ b/destroy.yml
@ -9,4 +9,4 @@
  environment:
    AWS_ACCESS_KEY_ID: "{{ aws_access_key }}"
    AWS_SECRET_ACCESS_KEY: "{{ aws_secret_key }}"
-    AWS_REGION: "us-east-1"
+    AWS_REGION: "{{ region }}"
--- a/group_vars/all.yml.example
+++ b/group_vars/all.yml.example
@ -48,6 +48,9 @@ use_ssl: "false"
 alb_ssl_policy: "ELBSecurityPolicy-2016-08"
 alb_certificate_arn: "arn:aws:acm:us-east-1:290379793816:certificate/6d1bab74-fb46-4244-aab2-832bf519ab24"

+# Region. It is recommended to deploy to us-east-1 as some of the other regions fails due to varied reasons
+region: "us-east-1"
+
 ## Size of the EC2 instance EBS root volume
 root_block_size: 120

--- a/roles/ec2_key/defaults/main.yml
+++ b/roles/ec2_key/defaults/main.yml
@ -1,2 +0,0 @@
-ec2_ssh_key_name: "sokol-test"
-ec2_ssh_key_content: ""
--- a/roles/ec2_key/tasks/main.yml
+++ b/roles/ec2_key/tasks/main.yml
@ -1,6 +0,0 @@
- name: Creating a keypair
-  ec2_key:
-    name: "{{ ec2_ssh_key_name }}"
-    key_material: "{{ ec2_ssh_key_content }}"
-    force: true
-  when: ec2_ssh_key_content != ""
--- a/roles/main_infra/defaults/main.yml
+++ b/roles/main_infra/defaults/main.yml
@ -4,7 +4,6 @@ bucket: "poa-terraform-state"
 terraform_location: "/usr/local/bin/terraform"
 region: "us-east-1"
 prefix: "sokol"
-ec2_ssh_key_name: "sokol-test"
 vpc_cidr: "10.0.0.0/16"
 public_subnet_cidr: "10.0.0.0/24"
 db_subnet_cidr: "10.0.2.0/16"
@ -12,6 +11,8 @@ dns_zone_name: "poa.internal"
 instance_type: "m5.xlarge"
 root_block_size: 8
 pool_size: 30
+ec2_ssh_key_name: "sokol-test"
+ec2_ssh_key_content: ""

 db_id: "poa"
 db_name: "poa"
--- a/roles/main_infra/files/ssh.tf
+++ b/roles/main_infra/files/ssh.tf
@ -0,0 +1,5 @@
+resource "aws_key_pair" "blockscout" {
+  count      = "${var.key_content == "" ? 0 : 1}"
+  key_name   = "${var.key_name}"
+  public_key = "${var.key_content}"
+}
--- a/roles/main_infra/files/variables.tf
+++ b/roles/main_infra/files/variables.tf
@ -9,6 +9,10 @@ variable "instance_type" {}
 variable "root_block_size" {}
 variable "pool_size" {}

+variable "key_content" {
+  default = ""
+}
+
 variable "chain_jsonrpc_variant" {
  default = {}
 }
@ -53,4 +57,4 @@ variable "new_relic_license_key" {}
 variable "secret_key_base" {}
 variable "alb_ssl_policy" {}
 variable "alb_certificate_arn" {}
-variable "use_ssl" {}
+variable "use_ssl" {}
--- a/roles/main_infra/templates/terraform.tfvars.j2
+++ b/roles/main_infra/templates/terraform.tfvars.j2
@ -1,6 +1,7 @@
 region                = "{{ ansible_env.AWS_REGION }}"
 prefix                = "{{ prefix }}"
 key_name              = "{{ ec2_ssh_key_name }}"
+key_content           = "{{ ec2_ssh_key_content }}"
 vpc_cidr              = "{{ vpc_cidr }}"
 public_subnet_cidr    = "{{ public_subnet_cidr  }}"
 db_subnet_cidr        = "{{ db_subnet_cidr }}"