zdata-inc/terraform-modules

terraform-modules

Module List

  • chef-server/AWS - Deploys a full Chef server on AWS. If a cookbooks directory exists at the top level of the directory that references this module and it contains cookbooks, those cookbooks are uploaded automatically.

Basic Instructions

  • Add module to a Terraform file.
  • Configure variables and definitions.
  • Run 'terraform get' to download the module.
  • Run 'terraform plan' to verify that the module will be created correctly.
  • Run 'terraform apply' to spin it up.

Module Configuration Example for Chef-Server on AWS

There are a couple of files to update to get one of the modules to work.

Variables Terraform Files

Add the following variable definitions to either your top-level Terraform variables file or inside your main Terraform file.

variable "aws_instance_type" {
    default = "t2.micro"
}
variable "chef_instance_type" {
    default = "t2.small"
}
variable "chef_server_fqdn" {
    default = "chef-server.zdatacloud.local"
}

variable "chef_admin_user_name" {}
variable "chef_admin_password" {}
variable "chef_admin_first_name" {}
variable "chef_admin_last_name" {}
variable "chef_admin_email" {}
variable "chef_org_full_name" {}
variable "chef_org_short_name" {}

Top-Level Terraform File

Add this to your main Terraform file. Note: if you do not want to use variables, you can replace them directly with the values you need. However, it is recommended to keep your configuration values separate from the actual Terraform config so that sensitive information isn't accidentally stored in a repository.

  • source - The sub-directory of the module you want to use. (This repo will eventually contain more than one module.)
  • ami_id - The AMI to use which is dependent on the region. The example below uses another variable for lookup.
  • aws_key_name - Can be another resource or an actual key name already created.
  • aws_security_group - Can be another resource or an existing security group id. The security group must be in the same VPC and region as the rest of your resources.
  • private_key_path - The path, relative to the top-level Terraform files, of a pre-existing private key. This is used for provisioning the Chef server.
  • aws_instance_type - The size of the instance to use for your Chef server.
  • chef_server_fqdn - The fully qualified domain name to use for the Chef server. The provisioner will set the hostname of the instance to this.
  • admin_user_name - The admin username to create.
  • admin_password - The password to use.
  • admin_first_name - First name of user.
  • admin_last_name - Last name of user.
  • admin_email - The administrator's email.
  • org_full_name - The full organization name to create. Spaces are not tested.
  • org_short_name - The short name of the organization. Must not contain any spaces.

module "chef-server" {
    source = "git::https://github.com/zdata-inc/terraform-modules.git//chef-server//AWS"
    ami_id = "${lookup(var.centos_6_amis, var.aws_region)}"
    aws_key_name = "${aws_key_pair.benchmarking_key.key_name}"
    aws_security_group = "${aws_security_group.greenplum_sg.id}"
    aws_subnet_id = "${aws_subnet.public_benchmarking.id}"
    private_key_path = "./artifacts/keys/id_rsa"
    aws_instance_type = "${var.chef_instance_type}"
    chef_server_fqdn = "${var.chef_server_fqdn}"
    admin_user_name = "${var.chef_admin_user_name}"
    admin_password = "${var.chef_admin_password}"
    admin_first_name = "${var.chef_admin_first_name}"
    admin_last_name = "${var.chef_admin_last_name}"
    admin_email = "${var.chef_admin_email}"
    org_full_name = "${var.chef_org_full_name}"
    org_short_name = "${var.chef_org_short_name}"
}

Edit terraform.tfvars File

Add these entries to your terraform.tfvars file. Change to whatever you want! Spaces in names may break the installer; this has not been tested.

chef_instance_type = "t2.small"
chef_server_fqdn = "chef-server.zdatacloud.local"
chef_admin_user_name = "admin"
chef_admin_password = "areallybadpwd?"
chef_admin_first_name = "Harry"
chef_admin_last_name = "Waffles"
chef_admin_email = "[email protected]"
chef_org_full_name = "zData_Inc"
chef_org_short_name = "zdata"

Generated Files and Output

This module will create several files in the top-level directory from which the module is included and run.

  • ./artifacts/keys/${chef_admin_user_name}.pem - The pem file for the administrator. Used for running Knife commands.
  • ./artifacts/keys/${chef_org_short_name}.pem - The pem file for the organization. Used to bootstrap other instances.
  • ./.chef/knife.rb - An autogenerated knife.rb file to manage Chef remotely.
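
The key files above, together with terraform.tfvars (which holds chef_admin_password) and the provisioning key at ./artifacts/keys/id_rsa, are the secrets this workflow leaves on disk. The shell check below is an added example, not part of the module; its function names and report labels are assumptions. It flags any of those files that is accessible to group or other, already tracked by git, or not covered by .gitignore.

```shell
#!/bin/sh
# Added example: audit the secret-bearing files named in this README.
# Function names and report labels are hypothetical, not part of the module.

# Print every secret-bearing file that exists under working directory $1.
secret_files() {
    for f in "$1/terraform.tfvars" "$1/artifacts/keys/id_rsa" \
             "$1"/artifacts/keys/*.pem; do
        if [ -f "$f" ]; then printf '%s\n' "$f"; fi
    done
}

# Print one finding per problem; return 1 if anything was found.
audit_secrets() {
    dir=$1
    use_git=no
    if command -v git >/dev/null 2>&1 &&
       git -C "$dir" rev-parse --is-inside-work-tree >/dev/null 2>&1; then
        use_git=yes
    fi
    report=$(secret_files "$dir" | while IFS= read -r f; do
        # Characters 5-10 of the mode string are the group and other bits.
        perms=$(ls -ld "$f" | cut -c5-10)
        if [ "$perms" != "------" ]; then
            echo "PERMS     $f (group/other: $perms)"
        fi
        if [ "$use_git" = yes ]; then
            rel=${f#"$dir"/}
            if git -C "$dir" ls-files --error-unmatch -- "$rel" >/dev/null 2>&1; then
                echo "TRACKED   $f (already committed or staged)"
            elif ! git -C "$dir" check-ignore -q -- "$rel"; then
                echo "UNIGNORED $f (not covered by .gitignore)"
            fi
        fi
    done)
    if [ -n "$report" ]; then
        printf '%s\n' "$report"
        return 1
    fi
    return 0
}

# Usage: audit_secrets . || echo "fix the findings before committing"
```

The git checks are skipped when the directory is not inside a git work tree, so only the permission check runs there.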

How to Provision Other Servers

Create an EC2 instance resource and add an entry like the one below.

  • node_name - The name of this node which the Chef server will know this instance by.
  • run_list - A list of recipes to run once Chef-Client is installed.

You shouldn't have to change the settings below, but here are their descriptions.

  • server_url - The Chef server URL determined by this module.
  • validation_client_name - The validator name.
  • validation_key - The validation key to use. This should remain the same since the module will automatically download this from the Chef server once it is up.
  • ssl_verify_mode - Whether to verify HTTPS certificates. The example below sets ":verify_none", which turns certificate verification off.

        provisioner "chef" {
            node_name = "${format("node-%03d", count.index + 1)}"
            run_list = ["learn_chef_httpd::default"]
            server_url = "https://${module.chef-server.public_ip}/organizations/${var.chef_org_short_name}"
            validation_client_name = "${var.chef_org_short_name}-validator"
            validation_key = "${file("artifacts/keys/${var.chef_org_short_name}-validator.pem")}"
            ssl_verify_mode = ":verify_none"
        }
