This repository was archived by the owner on Oct 14, 2022. It is now read-only.

Commit cf57772

author
Aaron Clawson
committed
Upgraded terraform plan.
Terraform 0.12 introduces a number of changes to plan formats. This used the terraform 0.12upgrade tool to detail the upgrade path.
1 parent 1c12452 commit cf57772


21 files changed

+256
-185
lines changed


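--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -3,11 +3,13 @@ version: 2
 jobs:
 terraform:
 docker:
-- image: hashicorp/terraform:0.9.9
+- image: hashicorp/terraform:0.12.4
 working_directory: ~/terraform
 steps:
 - checkout
 
+- run: terraform init
+
 - run:
 name: Generate the tfvars file
 command: |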
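Review bot: The job image on new line 6 is pinned only by the mutable tag `hashicorp/terraform:0.12.4`; because this job goes on to generate a tfvars file, presumably holding deployment variables, pinning by digest would guarantee the build runs the image that was reviewed, e.g. `- image: hashicorp/terraform:0.12.4@sha256:<digest-of-reviewed-image>` (placeholder digest). The added `- run: terraform init` also runs with default flags; `terraform init -input=false` keeps it from waiting on a prompt in CI. The steps list continues outside the hunk.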

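--- a/README.md
+++ b/README.md
@@ -12,9 +12,7 @@ This package allows you to easily orchestrate your CircleCI Server cluster in AW
 
 We use Terraform to automate parts of the infrastructure for your CircleCI Server install, so you will need to install this first:
 
-**Note: We are currently working on updating the scripts for Terraform v0.12. Please use the latest patch release of v0.11 until then.**
-
-* [Terraform v 0.11](https://releases.hashicorp.com/terraform/)
+* [Terraform](https://www.terraform.io/downloads.html)
 
 ## Installation
 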

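--- a/circleci.tf
+++ b/circleci.tf
@@ -1,53 +1,56 @@
 data "aws_subnet" "subnet" {
-id = "${var.aws_subnet_id}"
+id = var.aws_subnet_id
 }
 
 data "template_file" "services_user_data" {
-template = "${file("templates/services_user_data.tpl")}"
-
-vars {
-circle_secret_passphrase = "${var.circle_secret_passphrase}"
-sqs_queue_url = "${module.shutdown_sqs.sqs_id}"
-s3_bucket = "${aws_s3_bucket.circleci_bucket.id}"
-aws_region = "${var.aws_region}"
-subnet_id = "${var.aws_subnet_id}"
-vm_sg_id = "${aws_security_group.circleci_vm_sg.id}"
-http_proxy = "${var.http_proxy}"
-https_proxy = "${var.https_proxy}"
-no_proxy = "${var.no_proxy}"
+template = file("templates/services_user_data.tpl")
+
+vars = {
+circle_secret_passphrase = var.circle_secret_passphrase
+sqs_queue_url = module.shutdown_sqs.sqs_id
+s3_bucket = aws_s3_bucket.circleci_bucket.id
+aws_region = var.aws_region
+subnet_id = var.aws_subnet_id
+vm_sg_id = aws_security_group.circleci_vm_sg.id
+http_proxy = var.http_proxy
+https_proxy = var.https_proxy
+no_proxy = var.no_proxy
 }
 }
 
 data "template_file" "circleci_policy" {
-template = "${file("templates/circleci_policy.tpl")}"
+template = file("templates/circleci_policy.tpl")
 
-vars {
-bucket_arn = "${aws_s3_bucket.circleci_bucket.arn}"
-sqs_queue_arn = "${module.shutdown_sqs.sqs_arn}"
-role_name = "${aws_iam_role.circleci_role.name}"
-aws_region = "${var.aws_region}"
+vars = {
+bucket_arn = aws_s3_bucket.circleci_bucket.arn
+sqs_queue_arn = module.shutdown_sqs.sqs_arn
+role_name = aws_iam_role.circleci_role.name
+aws_region = var.aws_region
 }
 }
 
 data "template_file" "output" {
-template = "${file("templates/output.tpl")}"
+template = file("templates/output.tpl")
 
-vars {
-services_public_ip = "${aws_instance.services.public_ip}"
-ssh_key = "${var.aws_ssh_key_name}"
+vars = {
+services_public_ip = aws_instance.services.public_ip
+ssh_key = var.aws_ssh_key_name
 }
 }
 
+# Access Secret Key and ID should be set using envvars
+# AWS_ACCESS_KEY_ID
+# AWS_SECRET_ACCESS_KEY
 provider "aws" {
-access_key = "${var.aws_access_key}"
-secret_key = "${var.aws_secret_key}"
-region = "${var.aws_region}"
+access_key = var.aws_access_key
+secret_key = var.aws_secret_key
+region = var.aws_region
 }
 
 module "shutdown_sqs" {
 source = "./modules/aws_sqs"
 name = "shutdown"
-prefix = "${var.prefix}"
+prefix = var.prefix
 }
 
 # Single general-purpose bucket
@@ -63,34 +66,34 @@ resource "aws_s3_bucket" "circleci_bucket" {
 max_age_seconds = 3600
 }
 
-force_destroy = "${var.force_destroy_s3_bucket}"
+force_destroy = var.force_destroy_s3_bucket
 }
 
 ## IAM for instances
 
 resource "aws_iam_role" "circleci_role" {
 name = "${var.prefix}_role"
 path = "/"
-assume_role_policy = "${file("files/circleci_role.json")}"
+assume_role_policy = file("files/circleci_role.json")
 }
 
 resource "aws_iam_role_policy" "circleci_policy" {
 name = "${var.prefix}_policy"
-role = "${aws_iam_role.circleci_role.id}"
-policy = "${data.template_file.circleci_policy.rendered}"
+role = aws_iam_role.circleci_role.id
+policy = data.template_file.circleci_policy.rendered
 }
 
 resource "aws_iam_instance_profile" "circleci_profile" {
 name = "${var.prefix}_profile"
-role = "${aws_iam_role.circleci_role.name}"
+role = aws_iam_role.circleci_role.name
 }
 
 ## Configure the services machine
 
 resource "aws_security_group" "circleci_builders_sg" {
 name = "${var.prefix}_builders_sg"
 description = "SG for CircleCI Builder instances"
-vpc_id = "${var.aws_vpc_id}"
+vpc_id = var.aws_vpc_id
 
 ingress {
 self = true
@@ -110,10 +113,10 @@ resource "aws_security_group" "circleci_builders_sg" {
 resource "aws_security_group" "circleci_services_sg" {
 name = "${var.prefix}_services_sg"
 description = "SG for CircleCI services/database instances"
-vpc_id = "${var.aws_vpc_id}"
+vpc_id = var.aws_vpc_id
 
 ingress {
-security_groups = ["${aws_security_group.circleci_builders_sg.id}"]
+security_groups = [aws_security_group.circleci_builders_sg.id]
 protocol = "-1"
 from_port = 0
 to_port = 0
@@ -125,7 +128,6 @@ resource "aws_security_group" "circleci_services_sg" {
 protocol = "-1"
 cidr_blocks = ["0.0.0.0/0"]
 }
-
 # If using github.com (not GitHub Enterprise) whitelist GitHub cidr block
 # https://help.github.com/articles/what-ip-addresses-does-github-use-that-i-should-whitelist/
 #
@@ -146,10 +148,10 @@ resource "aws_security_group" "circleci_services_sg" {
 resource "aws_security_group" "circleci_builders_admin_sg" {
 name = "${var.prefix}_builders_admin_sg"
 description = "SG for services to masters communication - avoids circular dependency"
-vpc_id = "${var.aws_vpc_id}"
+vpc_id = var.aws_vpc_id
 
 ingress {
-security_groups = ["${aws_security_group.circleci_services_sg.id}"]
+security_groups = [aws_security_group.circleci_services_sg.id]
 protocol = "tcp"
 from_port = 443
 to_port = 443
@@ -164,7 +166,7 @@ resource "aws_security_group" "circleci_users_sg" {
 name = "${var.prefix}_users_sg"
 description = "SG representing users of CircleCI Enterprise"
 
-vpc_id = "${var.aws_vpc_id}"
+vpc_id = var.aws_vpc_id
 
 ingress {
 cidr_blocks = ["0.0.0.0/0"]
@@ -197,31 +199,31 @@ resource "aws_security_group" "circleci_users_sg" {
 
 # For Nomad server in 2.0 clustered installation
 ingress {
-cidr_blocks = ["${data.aws_subnet.subnet.cidr_block}"]
+cidr_blocks = [data.aws_subnet.subnet.cidr_block]
 protocol = "tcp"
 from_port = 4647
 to_port = 4647
 }
 
 # For output-processor in 2.0 clustered installation
 ingress {
-cidr_blocks = ["${data.aws_subnet.subnet.cidr_block}"]
+cidr_blocks = [data.aws_subnet.subnet.cidr_block]
 protocol = "tcp"
 from_port = 8585
 to_port = 8585
 }
 
 # For embedded storage in 2.0 clustered installation
 ingress {
-cidr_blocks = ["${data.aws_subnet.subnet.cidr_block}"]
+cidr_blocks = [data.aws_subnet.subnet.cidr_block]
 protocol = "tcp"
 from_port = 7171
 to_port = 7171
 }
 
 # For build-agent to talk to vm-service
 ingress {
-cidr_blocks = ["${data.aws_subnet.subnet.cidr_block}"]
+cidr_blocks = [data.aws_subnet.subnet.cidr_block]
 protocol = "tcp"
 from_port = 3001
 to_port = 3001
@@ -241,7 +243,7 @@ resource "aws_security_group" "circleci_vm_sg" {
 name = "${var.prefix}_vm_sg"
 description = "SG for VMs allocated by CircleCI for Remote Docker and machine executor"
 
-vpc_id = "${var.aws_vpc_id}"
+vpc_id = var.aws_vpc_id
 
 ingress {
 cidr_blocks = ["0.0.0.0/0"]
@@ -275,103 +277,103 @@ resource "aws_security_group" "circleci_vm_sg" {
 }
 
 resource "aws_instance" "services" {
-instance_type = "${var.services_instance_type}"
-ami = "${var.services_ami != "" ? var.services_ami : lookup(var.ubuntu_ami, var.aws_region)}"
-key_name = "${var.aws_ssh_key_name}"
-subnet_id = "${var.aws_subnet_id}"
+instance_type = var.services_instance_type
+ami = var.services_ami != "" ? var.services_ami : var.ubuntu_ami[var.aws_region]
+key_name = var.aws_ssh_key_name
+subnet_id = var.aws_subnet_id
 associate_public_ip_address = true
-disable_api_termination = "${var.services_disable_api_termination}"
-iam_instance_profile = "${aws_iam_instance_profile.circleci_profile.name}"
+disable_api_termination = var.services_disable_api_termination
+iam_instance_profile = aws_iam_instance_profile.circleci_profile.name
 
 vpc_security_group_ids = [
-"${aws_security_group.circleci_services_sg.id}",
-"${aws_security_group.circleci_users_sg.id}",
+aws_security_group.circleci_services_sg.id,
+aws_security_group.circleci_users_sg.id,
 ]
 
-tags {
+tags = {
 Name = "${var.prefix}_services"
 }
 
 root_block_device {
 volume_type = "gp2"
 volume_size = "150"
-delete_on_termination = "${var.services_delete_on_termination}"
+delete_on_termination = var.services_delete_on_termination
 }
 
-user_data = "${ var.services_user_data_enabled ? data.template_file.services_user_data.rendered : "" }"
+user_data = var.services_user_data_enabled ? data.template_file.services_user_data.rendered : ""
 
 lifecycle {
 prevent_destroy = false
 }
 }
 
 resource "aws_route53_record" "services_route" {
-count = "${var.enable_route}"
-zone_id = "${var.route_zone_id}"
-name = "${var.route_name}"
+count = var.enable_route
+zone_id = var.route_zone_id
+name = var.route_name
 type = "A"
 ttl = "300"
-records = ["${aws_instance.services.public_ip}"]
+records = [aws_instance.services.public_ip]
 }
 
 ## Builders ASG
 module "legacy_builder_user_data" {
 source = "./modules/legacy-builder-cloudinit-ubuntu-docker-v1"
 
-services_private_ip = "${aws_instance.services.private_ip}"
+services_private_ip = aws_instance.services.private_ip
 
-circle_secret_passphrase = "${var.circle_secret_passphrase}"
-https_proxy = "${var.https_proxy}"
-http_proxy = "${var.http_proxy}"
-no_proxy = "${var.no_proxy}"
+circle_secret_passphrase = var.circle_secret_passphrase
+https_proxy = var.https_proxy
+http_proxy = var.http_proxy
+no_proxy = var.no_proxy
 }
 
 module "legacy_builder" {
 source = "./modules/legacy-builder"
 
-prefix = "${var.prefix}"
+prefix = var.prefix
 name = "builders"
-aws_subnet_id = "${var.aws_subnet_id}"
-aws_ssh_key_name = "${var.aws_ssh_key_name}"
-aws_instance_profile_name = "${aws_iam_instance_profile.circleci_profile.name}"
+aws_subnet_id = var.aws_subnet_id
+aws_ssh_key_name = var.aws_ssh_key_name
+aws_instance_profile_name = aws_iam_instance_profile.circleci_profile.name
 
 builder_security_group_ids = [
-"${aws_security_group.circleci_builders_sg.id}",
-"${aws_security_group.circleci_builders_admin_sg.id}",
-"${aws_security_group.circleci_users_sg.id}",
+aws_security_group.circleci_builders_sg.id,
+aws_security_group.circleci_builders_admin_sg.id,
+aws_security_group.circleci_users_sg.id,
 ]
 
-asg_max_size = "${var.max_builders_count}"
+asg_max_size = var.max_builders_count
 asg_min_size = 0
-asg_desired_size = "${var.desired_builders_count}"
-
-user_data = "${module.legacy_builder_user_data.rendered}"
-delete_volume_on_termination = "${var.services_delete_on_termination}"
-image_id = "${lookup(var.ubuntu_ami, var.aws_region)}"
-instance_type = "${var.builder_instance_type}"
-spot_price = "${var.legacy_builder_spot_price}"
-shutdown_queue_target_sqs_arn = "${module.shutdown_sqs.sqs_arn}"
-shutdown_queue_role_arn = "${module.shutdown_sqs.queue_role_arn}"
+asg_desired_size = var.desired_builders_count
+
+user_data = module.legacy_builder_user_data.rendered
+delete_volume_on_termination = var.services_delete_on_termination
+image_id = var.ubuntu_ami[var.aws_region]
+instance_type = var.builder_instance_type
+spot_price = var.legacy_builder_spot_price
+shutdown_queue_target_sqs_arn = module.shutdown_sqs.sqs_arn
+shutdown_queue_role_arn = module.shutdown_sqs.queue_role_arn
 }
 
 module "nomad" {
 source = "./modules/nomad"
-enabled = "${var.enable_nomad}"
-prefix = "${var.prefix}"
-instance_type = "${var.nomad_client_instance_type}"
-aws_vpc_id = "${var.aws_vpc_id}"
-aws_subnet_id = "${var.aws_subnet_id}"
-aws_ssh_key_name = "${var.aws_ssh_key_name}"
-http_proxy = "${var.http_proxy}"
-https_proxy = "${var.https_proxy}"
-no_proxy = "${var.no_proxy}"
-ami_id = "${(var.services_ami != "") ? var.services_ami : lookup(var.ubuntu_ami, var.aws_region)}"
-aws_subnet_cidr_block = "${data.aws_subnet.subnet.cidr_block}"
-services_private_ip = "${aws_instance.services.private_ip}"
+enabled = var.enable_nomad
+prefix = var.prefix
+instance_type = var.nomad_client_instance_type
+aws_vpc_id = var.aws_vpc_id
+aws_subnet_id = var.aws_subnet_id
+aws_ssh_key_name = var.aws_ssh_key_name
+http_proxy = var.http_proxy
+https_proxy = var.https_proxy
+no_proxy = var.no_proxy
+ami_id = var.services_ami != "" ? var.services_ami : var.ubuntu_ami[var.aws_region]
+aws_subnet_cidr_block = data.aws_subnet.subnet.cidr_block
+services_private_ip = aws_instance.services.private_ip
 }
 
 output "success_message" {
-value = "${data.template_file.output.rendered}"
+value = data.template_file.output.rendered
 }
 
 output "install_url" {
@@ -381,3 +383,4 @@ output "install_url" {
 output "ssh-services" {
 value = "ssh ubuntu@${aws_instance.services.public_ip}"
 }
+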
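Review bot: The comment added above `provider "aws"` (new lines 41-43, first hunk) says the access key and secret should come from the `AWS_ACCESS_KEY_ID` / `AWS_SECRET_ACCESS_KEY` environment variables, but the block below it still sets `access_key = var.aws_access_key` and `secret_key = var.aws_secret_key`, so long-lived credentials keep flowing through Terraform variables and whatever tfvars file feeds them. If the environment variables are the intended path, reduce the block to `provider "aws" { region = var.aws_region }` so the provider's default credential chain picks them up; otherwise reword the comment so it does not describe behaviour the code lacks. Whether `aws_access_key` and `aws_secret_key` are still declared in the variables file is not visible in this section, so dropping the two arguments may need a matching cleanup there.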
