Added an optional aws_session_token variable #35

Status: Open. Wants to merge 4 commits into base: main.
12 changes: 8 additions & 4 deletions templates/aws-dualstack/cluster_nodes/terraform/pools/corral.tf
@@ -1,10 +1,14 @@
variable "corral_name" {} // name of the corral being created
variable "corral_user_id" {} // how the user is identified (usually github username)
variable "corral_public_key" {} // The corrals public key. This should be installed on every node.
variable "corral_name" {} // name of the corral being created
Last point: why does it have all of these formatting changes? Is this necessary?

Author: Sure, @igomez06, I'll revert the unnecessary formatting.

variable "corral_user_id" {} // how the user is identified (usually github username)
variable "corral_public_key" {} // The corrals public key. This should be installed on every node.
variable "corral_private_key" {} // The corrals private key. This should be installed on every node to be able to have root access, as aws does not allow this by default.

variable "aws_access_key" {}
variable "aws_secret_key" {}
variable "aws_session_token" {
Yash, if it's optional I think we need to default it. The optional aspect should go here: https://github.com/rancherlabs/corral-packages/blob/main/templates/aws/nodes/manifest.yaml

Also I don't see where it's used.

Author: @igomez06 for reference https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html
Since I was using a temporary token, I had to set this variable.

@l4zy0n3 But it's not really answering my question: how are you setting this? And why isn't it in the manifest.yaml? Are you reading it as an env var? How would you set this in a Jenkins job?

type = string
default = ""
}
variable "aws_region" {}
variable "aws_ami" {}
variable "aws_hostname_prefix" {}
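Review bot: the new `aws_session_token` variable is a credential but is declared without `sensitive = true` (or a `description`), so its value will be printed unredacted in `terraform plan`/`apply` output whenever it is set. Since this block is the only functional addition in the hunk, it is the right place to fix that:
variable "aws_session_token" {
  type      = string
  default   = ""
  sensitive = true
}
Separately, the first three `variable "corral_*"` lines appear twice with only whitespace differences, and no `manifest.yaml` is among the files changed in this PR, so the open question in the thread above, how a corral user actually supplies the token, is not answered by the diff itself.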
@@ -18,4 +22,4 @@ variable "aws_ipv6_80_target_group_arn" {}
variable "aws_ipv6_443_target_group_arn" {}
variable "instance_type" {}
variable "server_count" {}
variable "agent_count" {}
variable "agent_count" {}
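Review bot: this hunk only changes the trailing newline after `variable "agent_count" {}`; it carries no functional change and belongs to the formatting churn already flagged in the thread, so it should be dropped from the PR.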
89 changes: 45 additions & 44 deletions templates/aws-dualstack/cluster_nodes/terraform/pools/main.tf
@@ -12,28 +12,29 @@ provider "random" {}
provider "aws" {
access_key = var.aws_access_key
secret_key = var.aws_secret_key
region = var.aws_region
token = var.aws_session_token
region = var.aws_region
}

resource "random_id" "cluster_id" {
byte_length = 6
byte_length = 6
}

resource "aws_key_pair" "corral_key" {
key_name = "corral-${var.corral_user_id}-${random_id.cluster_id.hex}"
key_name = "corral-${var.corral_user_id}-${random_id.cluster_id.hex}"
public_key = var.corral_public_key
}

resource "aws_instance" "server" {
count = var.server_count
ami = var.aws_ami
instance_type = var.instance_type
key_name = aws_key_pair.corral_key.key_name
ipv6_address_count = 1
source_dest_check = false
iam_instance_profile = var.aws_instance_profile
count = var.server_count
ami = var.aws_ami
instance_type = var.instance_type
key_name = aws_key_pair.corral_key.key_name
ipv6_address_count = 1
source_dest_check = false
iam_instance_profile = var.aws_instance_profile
vpc_security_group_ids = [var.aws_security_group]
subnet_id = var.aws_subnet
subnet_id = var.aws_subnet

provisioner "remote-exec" {
inline = [
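Review bot: the one functional line in this hunk is `token = var.aws_session_token`. Because the variable defaults to `""`, callers without a temporary token will pass an empty string to the provider; rather than relying on the provider treating `""` as "not set" (I have not checked that against the provider version this template pins), make the optional semantics explicit with `token = var.aws_session_token != "" ? var.aws_session_token : null`, so an absent token is an absent attribute. Everything else in the hunk (`region`, `byte_length`, `key_name`, the `aws_instance.server` attribute block) is realignment only and should go with the revert promised above.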
@@ -43,45 +44,45 @@ resource "aws_instance" "server" {
]
}
connection {
type = "ssh"
host = self.public_ip
user = var.aws_ssh_user
private_key = var.corral_private_key
timeout = "4m"
}
type = "ssh"
host = self.public_ip
user = var.aws_ssh_user
private_key = var.corral_private_key
timeout = "4m"
}

tags = {
Name = "${var.corral_user_id}-${random_id.cluster_id.hex}-cp-${count.index}"
Name = "${var.corral_user_id}-${random_id.cluster_id.hex}-cp-${count.index}"
}
}

resource "aws_instance" "agent" {
count = var.agent_count
ami = var.aws_ami
instance_type = var.instance_type
key_name = aws_key_pair.corral_key.key_name
ipv6_address_count = 1
source_dest_check = false
iam_instance_profile = var.aws_instance_profile
count = var.agent_count
ami = var.aws_ami
instance_type = var.instance_type
key_name = aws_key_pair.corral_key.key_name
ipv6_address_count = 1
source_dest_check = false
iam_instance_profile = var.aws_instance_profile
vpc_security_group_ids = [var.aws_security_group]
subnet_id = var.aws_subnet
provisioner "remote-exec" {
subnet_id = var.aws_subnet

provisioner "remote-exec" {
inline = [
"sudo su <<EOF",
"echo ${var.corral_public_key} ${self.key_name} > /root/.ssh/authorized_keys",
"EOF",
]
}
connection {
type = "ssh"
host = self.public_ip
user = var.aws_ssh_user
private_key = var.corral_private_key
timeout = "4m"
}
type = "ssh"
host = self.public_ip
user = var.aws_ssh_user
private_key = var.corral_private_key
timeout = "4m"
}
tags = {
Name = "${var.corral_user_id}-${random_id.cluster_id.hex}-agent-${count.index}"
Name = "${var.corral_user_id}-${random_id.cluster_id.hex}-agent-${count.index}"
}
}
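Review bot: whitespace-only hunk; the `connection`, `tags` and `aws_instance.agent` attribute lines are re-indented with no change to any value. It buries the single real change in this file inside the 89 changed lines reported for it and will obscure `git blame` on the `remote-exec` provisioner, so revert it or land the reformatting as a separate `terraform fmt` commit.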

@@ -104,7 +105,7 @@ resource "aws_lb" "aws_nlb" {
load_balancer_type = "network"
subnets = [var.aws_subnet]
name = "${var.aws_hostname_prefix}-nlb"
ip_address_type = "dualstack"
ip_address_type = "dualstack"
}

resource "aws_lb_listener" "aws_nlb_listener_80" {
@@ -128,14 +129,14 @@ resource "aws_lb_listener" "aws_nlb_listener_443" {
}

resource "aws_route53_record" "aws_route53" {
zone_id = data.aws_route53_zone.selected.zone_id
name = var.aws_hostname_prefix
type = "CNAME"
ttl = "300"
records = ["dualstack.${aws_lb.aws_nlb.dns_name}"]
zone_id = data.aws_route53_zone.selected.zone_id
name = var.aws_hostname_prefix
type = "CNAME"
ttl = "300"
records = ["dualstack.${aws_lb.aws_nlb.dns_name}"]
}

data "aws_route53_zone" "selected" {
name = var.aws_route53_zone
private_zone = false
}
name = var.aws_route53_zone
private_zone = false
}
4 changes: 4 additions & 0 deletions templates/aws-replace-node/terraform/pools/corral.tf
@@ -5,6 +5,10 @@ variable "corral_private_key" {} // The corrals private key. This should be ins

variable "aws_access_key" {}
variable "aws_secret_key" {}
variable "aws_session_token" {
type = string
default = ""
}
variable "aws_region" {}
variable "aws_ami" {}
variable "aws_ssh_user" {}
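Review bot: this is the cleanest of the three `corral.tf` hunks (no formatting churn), but like the others the new `aws_session_token` block lacks `sensitive = true` and a `description`; add both here so the three templates declare the variable identically.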
1 change: 1 addition & 0 deletions templates/aws-replace-node/terraform/pools/main.tf
@@ -12,6 +12,7 @@ provider "random" {}
provider "aws" {
access_key = var.aws_access_key
secret_key = var.aws_secret_key
token = var.aws_session_token
region = var.aws_region
}
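Review bot: this one-line hunk is the shape the dualstack `main.tf` change should take as well. The same consideration applies here: with `default = ""`, `token = var.aws_session_token` sends an empty string when no temporary token is in use, so prefer `token = var.aws_session_token != "" ? var.aws_session_token : null` unless the empty-string behaviour has been confirmed for the pinned provider.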

12 changes: 8 additions & 4 deletions templates/aws/cluster_nodes/terraform/pools/corral.tf
@@ -1,13 +1,17 @@
variable "corral_name" {} // name of the corral being created
variable "corral_user_id" {} // how the user is identified (usually github username)
variable "corral_public_key" {} // The corrals public key. This should be installed on every node.
variable "corral_name" {} // name of the corral being created
variable "corral_user_id" {} // how the user is identified (usually github username)
variable "corral_public_key" {} // The corrals public key. This should be installed on every node.
variable "corral_private_key" {} // The corrals private key. This should be installed on every node to be able to have root access, as aws does not allow this by default.
variable "corral_ssh_key_type" {
default = "rsa"
default = "rsa"
} // The corrals ssh key type (rsa, ed25519, etc.)

variable "aws_access_key" {}
variable "aws_secret_key" {}
variable "aws_session_token" {
type = string
default = ""
}
variable "aws_region" {}
variable "aws_ami" {}
variable "aws_hostname_prefix" {}
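Review bot: the three `variable "corral_*"` lines and the `corral_ssh_key_type` default are repeated with whitespace-only changes, so the functional addition is again just the `aws_session_token` block, which should carry `sensitive = true` like the other two templates. When reverting the formatting, note that `corral_ssh_key_type` gets its default with the comment after the closing brace while the new variable is typed and defaulted inline; keeping one style for both would make the file easier to read.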