infrastructure-as-code.tf
# AWS provider configuration.
# With `profile` set, Terraform looks the credentials up under that profile
# name in the shared credentials file (~/.aws/credentials).
provider "aws" {
  # Pessimistic constraint: any 2.x provider release from 2.66 onwards.
  version = "~> 2.66"

  profile = var.aws_profile
  region  = var.aws_region
}
# Registers the operator's SSH public key with EC2 so the instance can be
# launched with it. Only the public-key file named by var.pki_public_key is
# read here.
resource "aws_key_pair" "openrmf" {
  public_key = file(var.pki_public_key)
}
# The EC2 host that runs OpenRMF.
resource "aws_instance" "openrmf" {
  ami           = var.ami
  instance_type = var.instance_type
  key_name      = aws_key_pair.openrmf.key_name

  # Network placement: the instance is given a public address.
  subnet_id                   = var.subnet_id
  associate_public_ip_address = "true"

  # NOTE(review): these four security groups are defined outside this view.
  # Confirm their ingress rules (SSH, Keycloak, OpenRMF) are limited to the
  # source ranges that actually need access, since the host is public.
  vpc_security_group_ids = [
    aws_security_group.allow_ssh.id,
    aws_security_group.allow_any_outbound.id,
    aws_security_group.allow_keycloak.id,
    aws_security_group.allow_openrmf.id
  ]

  tags = {
    Name = "openrmf"
  }
}
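# Elastic IP attached to the OpenRMF instance. Both provisioners run from this
# resource and address the host through the Elastic IP (self.public_ip).
resource "aws_eip" "openrmf" {
  instance = aws_instance.openrmf.id
  vpc      = true

  tags = {
    Name = "openrmf"
  }

  # SSH connection used by the remote-exec provisioner.
  # NOTE(review): no `host_key` is set, so the server's SSH host key is not
  # pinned for this connection -- confirm that is acceptable for the network
  # path between the operator and the instance.
  connection {
    type        = "ssh"
    user        = var.ssh_user
    private_key = file(var.pki_private_key)
    host        = self.public_ip
  }

  # Install Python 3 on the host before the playbook runs (presumably because
  # Ansible needs an interpreter on the managed node).
  provisioner "remote-exec" {
    inline = [
      "sudo yum install -y python3"
    ]
  }

  # Run the OpenRMF playbook from the operator's machine.
  #
  # The admin password is handed to the shell through an environment variable
  # as a JSON document instead of being interpolated into the command string.
  # That way quotes, spaces or shell metacharacters in the password cannot
  # alter the command, and the secret is not part of the command line that
  # Terraform prints when it executes the provisioner. This relies on a POSIX
  # shell, which is the local-exec default on non-Windows hosts.
  #
  # The value still ends up in ansible-playbook's own argument list; a vars
  # file with restrictive permissions (--extra-vars @file) or Ansible Vault
  # would keep it out of the process table as well.
  #
  # --private-key is deliberately left unquoted so a leading "~" in the path
  # keeps being expanded by the shell, as before.
  provisioner "local-exec" {
    command = "ansible-playbook --extra-vars \"$RMF_EXTRA_VARS\" -u ${var.ssh_user} -i '${self.public_ip},' --private-key ${var.pki_private_key} playbook.openrmf.yml"
    environment = {
      # NOTE(review): this turns off SSH host key verification for the Ansible
      # run, so the identity of the host is not checked. Consider recording
      # the instance's host key and re-enabling the check.
      ANSIBLE_HOST_KEY_CHECKING = "False"
      RMF_EXTRA_VARS            = jsonencode({ rmf_admin_password = var.rmf_admin_password })
    }
  }
}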
# Writes an Ansible inventory file next to this module.
# The address exported is the Elastic IP's, not the instance's own public IP.
resource "local_file" "inventory" {
  filename = "${path.module}/inventory"
  content  = join("\n", ["[all]", aws_eip.openrmf.public_ip])
}