From 994315117a8fbd455533491ff4b0c60faf22e676 Mon Sep 17 00:00:00 2001 From: Mateus Padua Date: Mon, 14 Oct 2019 08:53:51 -0300 Subject: [PATCH] Added options to choice admin user and password, and remove or not 'guest user'. Added option to create or not autoscaling_lifecycle_hook. Update example to work with terraform 0.12 --- README.md | 45 +++++++++++++++++++--- example/provider.tf | 76 +++++++++++++++++++++----------------- example/rabbit.auto.tfvars | 5 +++ example/variables.tf | 40 ++++++++++++++++++++ rabbit-node.tf | 20 ++++++---- user_data/rabbitmq.sh | 9 ++++- variables.tf | 23 ++++++++++++ 7 files changed, 169 insertions(+), 49 deletions(-) diff --git a/README.md b/README.md index 13273ae..13b46cd 100644 --- a/README.md +++ b/README.md @@ -20,6 +20,33 @@ I'll let you refer to our other modules if you want to use them, otherwise it sh Apart from the network, there is not much configuration to do as you can see in the example folder. Here are the main settings: ```hcl +module "alb" { + source = "path/to/module/rabbitmq-alb" + + # General settings + environment = "Specify the environment (Prod/Staging/Test/whatever...)" + name = "An useful name to identify your clustser" + + internal = false + domain_name = "yourdomain.com" + + cluster_fqdn = "test" + + # Network + subnet_ids = ["subnet-xxxxxx", "subnet-yyyyyy"] + + # Autoscaling target group + # Note: only the servers need an ALB (only the servers expose an UI) + autoscaling_group = module.rabbit.autoscaling_group + + # allowed_inbound_cidr_blocks = var.ingress_public_cidr_blocks + alb_security_group = module.rabbit.security_group_id + + # # External Settings + certificate_arn = "arn:aws:acm:eu-west-3:xxxxxxxxxxxxx" + vpc_id = "vpc-xxxxxx" +} + module "rabbit" { source = "path/to/module" 
@@ -39,12 +66,13 @@ module "rabbit" { # https://github.com/CitizenPlane/terraform-aws-rabbitmq/blob/dc123d34742202811455d1bea50cb5f779186d2f/user_data/rabbitmq.sh#L122 cluster_fqdn = "test" - region = "eu-west-3" - ssh_key_name = "ft_ssh_key" - desired_capacity = 3 - autoscaling_min_size = 3 - autoscaling_max_size = 5 - instance_ebs_optimized = false + region = "eu-west-3" + ssh_key_name = "ft_ssh_key" + desired_capacity = 3 + autoscaling_min_size = 3 + autoscaling_max_size = 5 + do_autoscaling_lifecycle_hook = false + instance_ebs_optimized = false vpc_id = "vpc_id" @@ -53,6 +81,11 @@ module "rabbit" { root_volume_size = 20 # / rabbit_volume_size = 50 # /var/lib/rabbitmq + # rabbitmq_version = "rabbitmq-server-v3.7.x" # rabbitmq-server-v3.6.x, rabbitmq-server-v3.7.x, rabbitmq-server-v3.8.x/ + # erlang_version = "erlang-21.x" # erlang-16.x, erlang-19.x, erlang-20.x, erlang-21.x, erlang-22.x + rabbitmq_admin_user = "your_username" + rabbitmq_admin_password = "your_password" + rabbitmq_remove_guest_user = true associate_public_ip_address = true diff --git a/example/provider.tf b/example/provider.tf index d94e481..9de3f1a 100644 --- a/example/provider.tf +++ b/example/provider.tf 
@@ -1,70 +1,78 @@ provider "aws" { - region = "${var.region}" - profile = "${var.profile}" + region = var.region + profile = var.profile } module "alb" { source = "../rabbitmq-alb" # # General settings - environment = "${var.environment}" - name = "${var.cluster_name}" + environment = var.environment + name = var.cluster_name internal = false - domain_name = "${var.domain_name}" - datacenter = "${var.region}" + domain_name = var.domain_name + datacenter = var.region - cluster_fqdn = "${var.cluster_fqdn}" + cluster_fqdn = var.cluster_fqdn # # Network - subnet_ids = "${var.subnet_ids}" + subnet_ids = var.subnet_ids # # Autoscaling target group # # Note: only the servers need an ALB (only the servers expose an UI) - autoscaling_group = "${module.rabbit.autoscaling_group}" + autoscaling_group = module.rabbit.autoscaling_group - allowed_inbound_cidr_blocks = "${var.ingress_public_cidr_blocks}" - alb_security_group = "${module.rabbit.security_group_id}" + allowed_inbound_cidr_blocks = var.ingress_public_cidr_blocks + alb_security_group = module.rabbit.security_group_id # # External Settings - certificate_arn = "${var.certificate_arn}" - vpc_id = "${var.vpc_id}" + certificate_arn = var.certificate_arn + vpc_id = var.vpc_id } module "rabbit" { source = "../" - name = "${var.cluster_name}" - environment = "${var.environment}" + name = var.cluster_name + environment = var.environment - erl_secret_cookie = "${var.erl_secret_cookie}" - aws_access_key = "${var.aws_access_key}" - aws_secret_key = "${var.aws_secret_key}" + erl_secret_cookie = var.erl_secret_cookie + aws_access_key = var.aws_access_key + aws_secret_key = var.aws_secret_key - cluster_fqdn = "${var.cluster_fqdn}" + cluster_fqdn = var.cluster_fqdn - region = "${var.region}" - ssh_key_name = "${var.ssh_key_name}" - desired_capacity = "${var.desired_capacity}" - instance_ebs_optimized = "${var.instance_ebs_optimized}" + region = var.region + ssh_key_name = var.ssh_key_name + desired_capacity = var.desired_capacity + 
autoscaling_min_size = var.autoscaling_min_size + autoscaling_max_size = var.autoscaling_max_size + do_autoscaling_lifecycle_hook = var.do_autoscaling_lifecycle_hook + instance_ebs_optimized = var.instance_ebs_optimized - vpc_id = "${var.vpc_id}" - external_subnets = "${var.external_subnets}" + vpc_id = var.vpc_id + external_subnets = var.external_subnets - root_volume_size = "${var.root_volume_size}" - rabbit_volume_size = "${var.rabbit_volume_size}" + root_volume_size = var.root_volume_size + rabbit_volume_size = var.rabbit_volume_size + rabbitmq_version = var.root_volume_size + erlang_version = var.erlang_version + rabbitmq_admin_user = var.rabbitmq_admin_user + rabbitmq_admin_password = var.rabbitmq_admin_password + rabbitmq_remove_guest_user = var.rabbitmq_remove_guest_user - associate_public_ip_address = "${var.associate_public_ip_address}" + associate_public_ip_address = var.associate_public_ip_address - image_id = "${var.image_id}" + image_id = var.image_id - ingress_private_cidr_blocks = "${var.ingress_private_cidr_blocks}" - ingress_public_cidr_blocks = "${var.ingress_public_cidr_blocks}" - internet_public_cidr_blocks = "${var.internet_public_cidr_blocks}" + ingress_private_cidr_blocks = var.ingress_private_cidr_blocks + ingress_public_cidr_blocks = var.ingress_public_cidr_blocks + internet_public_cidr_blocks = var.internet_public_cidr_blocks - instance_type = "${var.instance_type}" + instance_type = var.instance_type - az_count = "${var.az_count}" + az_count = var.az_count cpu_high_limit = "70" cpu_low_limit = "20" diff --git a/example/rabbit.auto.tfvars b/example/rabbit.auto.tfvars index 400660c..36a64dc 100644 --- a/example/rabbit.auto.tfvars +++ b/example/rabbit.auto.tfvars 
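Review bot: In the `module "rabbit"` block of example/provider.tf, the new line `rabbitmq_version = var.root_volume_size` passes the disk size where the RabbitMQ version belongs. It should read `rabbitmq_version = var.rabbitmq_version`, matching the variable this commit adds to example/variables.tf. As written, the example hands the root volume size (50 in rabbit.auto.tfvars) to the `RABBITMQ_VERSION` template variable, so the install step in user_data/rabbitmq.sh would presumably fail or select an unintended package source.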
@@ -5,6 +5,11 @@ ssh_key_name = "Insert your ssh key name here" root_volume_size = 50 # / rabbit_volume_size = 50 # /var/lib/rabbitmq instance_ebs_optimized = false +# rabbitmq_version = "rabbitmq-server-v3.7.x" # rabbitmq-server-v3.6.x, rabbitmq-server-v3.7.x, rabbitmq-server-v3.8.x/ +# erlang_version = "erlang-21.x" # erlang-16.x, erlang-19.x, erlang-20.x, erlang-21.x, erlang-22.x +rabbitmq_admin_user = "your_username" +rabbitmq_admin_password = "your_password" +rabbitmq_remove_guest_user = true ## AMI # Note : AMI are region-related make sure the AMI you choose is available in your region diff --git a/example/variables.tf b/example/variables.tf index 4e0822e..7a1eeea 100644 --- a/example/variables.tf +++ b/example/variables.tf @@ -18,6 +18,20 @@ variable "desired_capacity" { description = "Default size of your manager swarm (1, 3, 5)" } +variable "autoscaling_min_size" { + description = "defined the minimum amount of the nodes you want in your autoscaling group" +} + +variable "autoscaling_max_size" { + description = "defined the maximum amount of the nodes you want in your autoscaling group" +} + +variable "do_autoscaling_lifecycle_hook" { + type = bool + description = "defined if or not the lifecycle hook wil be created" + default = false +} + variable "root_volume_size" { description = "Size of the filesystem mounted on `/`" } 
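Review bot: The example sets `rabbitmq_admin_password = "your_password"` in rabbit.auto.tfvars, a file Terraform loads automatically and one that tends to get committed once real values are filled in. A comment above the line would steer users away from that, e.g. `# Do not commit a real password here; set TF_VAR_rabbitmq_admin_password or use an untracked tfvars file`. The README snippet in this commit shows the password inline in the module block and would benefit from the same hint.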
@@ -26,6 +40,32 @@ variable "rabbit_volume_size" { description = "Size of the docker filesystem mount point" } +variable "rabbitmq_version" { + description = "The version of the rabbitmq that you want install. To see all versions click this link: https://dl.bintray.com/rabbitmq/debian/dists/" + default = "main" # rabbitmq-server-v3.6.x, rabbitmq-server-v3.7.x, rabbitmq-server-v3.8.x/ +} + +variable "erlang_version" { + description = "The version of the rabbitmq that you want install. To see all versions click this link: https://dl.bintray.com/rabbitmq-erlang/debian/dists/" + default = "erlang" # erlang-16.x, erlang-19.x, erlang-20.x, erlang-21.x, erlang-22.x +} + +variable "rabbitmq_admin_user" { + description = "The admin username to connect at rabbitmq by manager panel and amqp" + default = "admin" +} + +variable "rabbitmq_admin_password" { + description = "The admin password to connect at rabbitmq by manager panel and amqp" + default = "admin" +} + +variable "rabbitmq_remove_guest_user" { + type = bool + description = "remove default guest user from rabbitmq" + default = false +} + variable "image_id" { description = "Aws ami to be used by ec2 instances" } diff --git a/rabbit-node.tf b/rabbit-node.tf index 90b3e1f..3757d0a 100755 --- a/rabbit-node.tf +++ b/rabbit-node.tf 
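Review bot: `rabbitmq_admin_password` defaults to `"admin"` and `rabbitmq_remove_guest_user` defaults to `false`, so a caller who sets neither gets a broker with an `admin`/`admin` administrator account plus the stock `guest` account. The same defaults are repeated in the root variables.tf hunk at -69,6 +69,22. Removing the `default` from `rabbitmq_admin_password` forces callers to choose a value, and `default = true` on `rabbitmq_remove_guest_user` is the safer starting point. Separately, the `erlang_version` description here says "The version of the rabbitmq that you want install"; it should name Erlang.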
@@ -5,14 +5,17 @@ data "template_file" "rabbit-node" { template = file("${path.module}/user_data/rabbitmq.sh") vars = { - AWS_REGION = var.region - VPC_ID = var.vpc_id - ERL_SECRET_COOKIE = var.erl_secret_cookie - AWS_ACCESS_KEY = var.aws_access_key - AWS_SECRET_KEY = var.aws_secret_key - RABBITMQ_VERSION = var.rabbitmq_version - ERLANG_VERSION = var.erlang_version - CLUSTER_NAME = "${var.cluster_fqdn}-${var.name}-${var.environment}" + AWS_REGION = var.region + VPC_ID = var.vpc_id + ERL_SECRET_COOKIE = var.erl_secret_cookie + AWS_ACCESS_KEY = var.aws_access_key + AWS_SECRET_KEY = var.aws_secret_key + RABBITMQ_VERSION = var.rabbitmq_version + ERLANG_VERSION = var.erlang_version + CLUSTER_NAME = "${var.cluster_fqdn}-${var.name}-${var.environment}" + RABBITMQ_ADMIN_USER = var.rabbitmq_admin_user + RABBITMQ_ADMIN_PASSWORD = var.rabbitmq_admin_password + RABBITMQ_REMOVE_GUEST_USER = var.rabbitmq_remove_guest_user } } @@ -114,6 +117,7 @@ resource "aws_autoscaling_policy" "rabbit-node-scale-down" { } resource "aws_autoscaling_lifecycle_hook" "rabbit-node-upgrade" { + count = var.do_autoscaling_lifecycle_hook ? 1 : 0 name = "${var.name}-${var.environment}-rabbit-node-upgrade-hook" autoscaling_group_name = aws_autoscaling_group.rabbit-node.name default_result = "CONTINUE" diff --git a/user_data/rabbitmq.sh b/user_data/rabbitmq.sh index 7e333a1..04e6e34 100644 --- a/user_data/rabbitmq.sh +++ b/user_data/rabbitmq.sh @@ -144,6 +144,13 @@ apt-get install -y --fix-missing \ erlang \ rabbitmq-server +rabbitmqctl add_user ${RABBITMQ_ADMIN_USER} ${RABBITMQ_ADMIN_PASSWORD} +rabbitmqctl set_user_tags ${RABBITMQ_ADMIN_USER} administrator +rabbitmqctl set_permissions -p / ${RABBITMQ_ADMIN_USER} ".*" ".*" ".*" -rabbitmqctl set_cluster_name ${CLUSTER_NAME} +remove_guest_user=${RABBITMQ_REMOVE_GUEST_USER} +if [[ $remove_guest_user = true ]]; then + rabbitmqctl delete_user guest +fi +rabbitmqctl set_cluster_name ${CLUSTER_NAME} \ No newline at end of file 
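Review bot: `RABBITMQ_ADMIN_PASSWORD = var.rabbitmq_admin_password` renders the admin password into the instance user data, so it is stored in plaintext in the Terraform state and in whatever launch configuration or template consumes this data source (not visible here), and is readable through the instance metadata service by any process on the node. The existing `ERL_SECRET_COOKIE` and `AWS_SECRET_KEY` entries already carry this exposure, so it is not new to the design, but the `vars` map deserves a comment such as `# NOTE: these values end up in plaintext user data and state; protect both as secrets`. A longer-term option is to have the node fetch the password at boot from a secret store using an instance role. The `data "template_file"` block starts above the hunk.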
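Review bot: The three added `rabbitmqctl` calls in user_data/rabbitmq.sh interpolate `${RABBITMQ_ADMIN_USER}` and `${RABBITMQ_ADMIN_PASSWORD}` unquoted, so once Terraform renders the template, a password containing a space, `$`, `;` or a glob character is split or interpreted by the shell instead of being passed as one argument. Quote the rendered values, e.g. `rabbitmqctl add_user '${RABBITMQ_ADMIN_USER}' '${RABBITMQ_ADMIN_PASSWORD}'`, and reject single quotes in the variable on the Terraform side or document the restriction. Passing the password as a command argument also exposes it in the process list and in any boot log that traces commands; whether this script enables tracing is not visible in the hunk. The final `rabbitmqctl set_cluster_name` line now lacks a trailing newline, which is worth restoring.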
diff --git a/variables.tf b/variables.tf index 9b089d7..25a6c10 100755 --- a/variables.tf +++ b/variables.tf @@ -69,6 +69,22 @@ variable "erlang_version" { default = "erlang" # erlang-16.x, erlang-19.x, erlang-20.x, erlang-21.x, erlang-22.x } +variable "rabbitmq_admin_user" { + description = "The admin username to connect at rabbitmq by manager panel and amqp" + default = "admin" +} + +variable "rabbitmq_admin_password" { + description = "The admin password to connect at rabbitmq by manager panel and amqp" + default = "admin" +} + +variable "rabbitmq_remove_guest_user" { + type = bool + description = "remove default guest user from rabbitmq" + default = false +} + # ------------------------------------------------------ # Network - VPC parameters # ------------------------------------------------------ @@ -141,3 +157,10 @@ variable "autoscaling_max_size" { description = "defined the maximum amount of the nodes you want in your autoscaling group" } +variable "do_autoscaling_lifecycle_hook" { + type = bool + description = "defined if or not the lifecycle hook wil be created" + default = false +} + +
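Review bot: `do_autoscaling_lifecycle_hook` defaults to `false` in the variables.tf hunk at -141,3 +157,10, whereas before this commit `aws_autoscaling_lifecycle_hook.rabbit-node-upgrade` in rabbit-node.tf was created unconditionally. Existing users who upgrade the module without setting the variable would see the hook planned for destruction. `default = true` keeps the previous behaviour and still lets callers opt out. The description also has a typo ("wil") and reads awkwardly; `description = "Whether to create the autoscaling lifecycle hook"` is clearer.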