working test

GuyBarros · GuyBarros · commit 8b9aaa289c2c · 2018-12-12T14:04:16.000Z
diff --git a/main.tf b/main.tf
@@ -37,12 +37,15 @@ module "primarycluster" {
   cidr_blocks         = "${var.cidr_blocks}"
   instance_type_server= "${var.instance_type_server}"
   instance_type_worker= "${var.instance_type_worker}"
-  ca_key_algorithm   = "${module.rootcertificate.ca_key_algorithm}"
+//  ca_key_algorithm   = "${var.ca_key_algorithm}"
+//  ca_private_key_pem = "${var.ca_private_key_pem}"
+//  ca_cert_pem        = "${var.ca_cert_pem}"
+ca_key_algorithm   = "${module.rootcertificate.ca_key_algorithm}"
   ca_private_key_pem = "${module.rootcertificate.ca_private_key_pem}"
   ca_cert_pem        = "${module.rootcertificate.ca_cert_pem}"
 }
 
-
+/*
 module "secondarycluster" {
   source              = "./modules"
   owner               = "${var.owner}"
@@ -76,10 +79,14 @@ module "secondarycluster" {
   cidr_blocks         = "${var.cidr_blocks}"
   instance_type_server= "${var.instance_type_server}"
   instance_type_worker= "${var.instance_type_worker}"
-  ca_key_algorithm   = "${module.rootcertificate.ca_key_algorithm}"
+//  ca_key_algorithm   = "${var.ca_key_algorithm}"
+//  ca_private_key_pem = "${var.ca_private_key_pem}"
+//  ca_cert_pem        = "${var.ca_cert_pem}"
+ca_key_algorithm   = "${module.rootcertificate.ca_key_algorithm}"
   ca_private_key_pem = "${module.rootcertificate.ca_private_key_pem}"
   ca_cert_pem        = "${module.rootcertificate.ca_cert_pem}"
 }
+*/
 
 module "rootcertificate" {
   source              = "github.com/GuyBarros/terraform-tls-certificate"
@@ -91,3 +98,4 @@ module "rootcertificate" {
   validity_period_hours = 720
   is_ca_certificate = true
 }
+
diff --git a/modules/certificates/main.tf b/modules/certificates/main.tf
diff --git a/modules/outputs.tf b/modules/outputs.tf
@@ -1,9 +1,9 @@
-output "consul_servers" {
-  value = ["${aws_instance.server.*.public_dns}"]
+output "ssh_for_servers" {
+   value = "${formatlist("ssh -i /Users/guy/.ssh/id_rsa ubuntu@%s", aws_instance.server.*.public_dns,)}"
 }
 
-output "nomad_workers_server" {
-  value = ["${aws_instance.workers.*.public_dns}"]
+output "ssh_for_workers" {
+  value = "${formatlist("ssh demo@%s", aws_instance.workers.*.public_dns,)}"
 }
 
 output "nomad_workers_consul_ui" {
diff --git a/modules/templates/server/vault.sh b/modules/templates/server/vault.sh
@@ -301,7 +301,28 @@ EOR
     explicit_max_ttl=0
  
  echo "--> Creating Initial secret for Nomad KV"
- vault write secret/test message='Hi Mom'
-  
+ vault write secret/test message='Hello world'
+
+ echo "--> nomad nginx-vault-pki demo prep"
+{
+vault secrets enable pki &&
+
+vault write pki/root/generate/internal common_name=service.consul &&
 
+vault write pki/roles/consul-service generate_lease=true allowed_domains="service.consul" allow_subdomains="true"  &&
+
+vault write pki/issue/consul-service  common_name=nginx.service.consul  ttl=72h  &&
+
+vault policy-write superuser - <<EOR
+path "*" { 
+  capabilities = ["create", "read", "update", "delete", "list", "sudo"] 
+  }
+
+EOR
+  
+} ||
+{
+  echo "--> pki demo already configured, moving on"
+}
+ 
 echo "==> Vault is done!"
diff --git a/modules/templates/workers/connectdemo.sh b/modules/templates/workers/connectdemo.sh
@@ -5,12 +5,11 @@ echo "==> Consul Connect Demo Setup"
 
 
 echo "--> Running MongoDB Nomad Job"
-
-nomad run /demostack/nomad_jobs/nginx-kv-secret.nomad
-nomad run /demostack/nomad_jobs/mongodb.nomad
+nomad run /demostack/nomad_jobs/nginx-pki.nomad
 nomad run /demostack/nomad_jobs/hashibo.nomad
 nomad run /demostack/nomad_jobs/orchestrators.nomad
 
+
 echo "==> Consul Connect Demo Setup is Done!"
 
 
diff --git a/outputs.tf b/outputs.tf
@@ -1,8 +1,13 @@
 // Primary
-output "primary_nomad_workers_server" {
-  value = ["${module.primarycluster.nomad_workers_server}"]
+output "primary_ssh_for_servers" {
+  value = ["${module.primarycluster.ssh_for_servers}"]
 }
 
+output "primary_ssh_for_workers" {
+  value = ["${module.primarycluster.ssh_for_workers}"]
+}
+
+
 output "primary_nomad_workers_consul_ui" {
   value = ["${module.primarycluster.nomad_workers_consul_ui}"]
 }
@@ -11,9 +16,6 @@ output "primary_nomad_workers_ui" {
   value = ["${module.primarycluster.nomad_workers_ui}"]
 }
 
-output "primary_consul_servers" {
-  value = "${module.primarycluster.consul_servers}"
-}
 
 output "primary_vpc_id" {
   value = "${module.primarycluster.vpc_id}"
@@ -33,7 +35,7 @@ output "primary_vault_ui" {
 
 
 // Secondary
-
+/*
 output "secondary_nomad_workers_server" {
   value = ["${module.secondarycluster.nomad_workers_server}"]
 }
@@ -65,6 +67,7 @@ output "secondary_vault_lb" {
 output "secondary_vault_ui" {
   value = "${module.secondarycluster.vault_ui}"
 }
+*/
 
 
 

Original file line number	Diff line number	Diff line change
`@@ -1,9 +1,9 @@`
`1`		`-output "consul_servers" {`
`2`		`- value = ["${aws_instance.server.*.public_dns}"]`
	`1`	`+output "ssh_for_servers" {`
	`2`	`+ value = "${formatlist("ssh -i /Users/guy/.ssh/id_rsa ubuntu@%s", aws_instance.server.*.public_dns,)}"`
`3`	`3`	`}`
`4`	`4`
`5`		`-output "nomad_workers_server" {`
`6`		`- value = ["${aws_instance.workers.*.public_dns}"]`
	`5`	`+output "ssh_for_workers" {`
	`6`	`+ value = "${formatlist("ssh demo@%s", aws_instance.workers.*.public_dns,)}"`
`7`	`7`	`}`
`8`	`8`
`9`	`9`	`output "nomad_workers_consul_ui" {`