kite 0.0.4 → 0.0.5

data/tpl/aws/terraform/outputs.tf

@@ -1,15 +1,15 @@
 output "security_group_id" {
-    value = "${aws_security_group.boshdefault.id}"
+    value = "${aws_security_group.bosh_sg.id}"
 }
 
-output "default_subnet_id" {
-    value = "${aws_subnet.default.id}"
+output "platform_subnet_id" {
+    value = "${aws_subnet.platform.id}"
 }
 
 output "ops_services_subnet_id" {
     value = "${aws_subnet.ops_services.id}"
 }
 
-output "eip" {
-    value = "${aws_eip.boshdirector.public_ip}"
+output "bastion_ip" {
+    value = "${aws_instance.bastion.public_ip}"
 }

data/tpl/aws/terraform/terraform.tfvars.erb

@@ -1,7 +1,18 @@
-aws_access_key_id="<%= @values['aws']['access_key_id'] %>"
-aws_secret_access_key="<%= @values['aws']['secret_access_key'] %>"
-aws_region="<%= @values['aws']['region'] %>"
-aws_availability_zone="<%= @values['aws']['az'] %>"
-//ssl_cert_arn="arn:aws:iam::12345"
-ci_dns_zone_id="<%= @values['aws']['ci_dns_zone_id'] %>"
-ci_hostname="<%= @values['aws']['ci_hostname'] %>"
+# Credentials
+aws_access_key = "<%= @values['aws']['access_key'] %>"
+aws_secret_key = "<%= @values['aws']['secret_key'] %>"
+aws_region = "<%= @values['aws']['region'] %>"
+aws_availability_zone = "<%= @values['aws']['az'] %>"
+
+# Network Config
+aws_vpc_cidr_block = "<%= @values['aws']['vpc_cidr_block'] %>"
+aws_vpc_name = "<%= @values['aws']['vpc_name'] %>"
+aws_platform_subnet_cidr_block = "<%= @values['aws']['platform_subnet_cidr_block'] %>"
+aws_platform_subnet_name = "<%= @values['aws']['platform_subnet_name'] %>"
+aws_ops_subnet_cidr_block = "<%= @values['aws']['ops_subnet_cidr_block'] %>"
+aws_ops_subnet_name = "<%= @values['aws']['ops_subnet_name'] %>"
+
+# Kite config
+keypair_name = "<%= @values['kite']['keypair_name'] %>"
+public_key = "<%= @values['kite']['public_key_path'] %>"
+private_key = "<%= @values['kite']['private_key_path'] %>"

data/tpl/aws/terraform/variables.tf

@@ -1,26 +1,60 @@
-variable "aws_access_key_id" {
-type = "string"
+variable "aws_access_key" {
+  type = "string"
 }
-variable "aws_secret_access_key" {
-type = "string"
+
+variable "aws_secret_key" {
+  type = "string"
 }
+
+variable "public_key" {
+  type = "string"
+}
+
+variable "private_key" {
+  type = "string"
+}
+
+variable "keypair_name" {
+  type = "string"
+}
+
 variable "aws_region" {
-    type = "string"
-    default =  "us-east-1"
+  type = "string"
+  default =  "eu-central-1"
 }
+
 variable "aws_availability_zone" {
-    type = "string"
-    default =  "us-east-1a"
+  type = "string"
+  default =  "eu-central-1a"
+}
+
+variable "aws_vpc_cidr_block" {
+  type = "string"
+}
+
+variable "aws_vpc_name" {
+  type = "string"
+}
+
+variable "aws_platform_subnet_cidr_block" {
+  type = "string"
+}
+
+variable "aws_platform_subnet_name" {
+  type = "string"
+}
+
+variable "aws_ops_subnet_cidr_block" {
+  type = "string"
 }
-//variable "source_access_block1" {
-//type = "string"
-//}
-variable "ci_hostname" {
-type = "string"
+
+variable "aws_ops_subnet_name" {
+  type = "string"
 }
-variable "ci_dns_zone_id" {
-type = "string"
+
+variable "aws_amis" {
+  default = {
+    us-east-1 = "ami-1d4e7a66"
+    eu-central-1 = "ami-958128fa"
+  }
 }
-//variable "ssl_cert_arn" {
-//type = "string"
-//}

data/tpl/gcp/bosh-install.sh.erb

@@ -0,0 +1,18 @@
+#!/usr/bin/env bash
+
+set -xe
+
+bosh create-env bosh-deployment/bosh.yml \
+  --state=config/state.json \
+  --vars-store=config/creds.yml \
+  -o bosh-deployment/gcp/cpi.yml \
+  -v director_name=bosh-director \
+  -v internal_cidr=<%= @values['gcp']['subnet_cidr'] %> \
+  -v internal_gw=<%= @values['gcp']['internal_gw'] %> \
+  -v internal_ip=<%= @values['bosh']['static_ip'] %> \
+  --var-file gcp_credentials_json=<%= @values['gcp']['service_account'] %> \
+  -v project_id=<%= @values['gcp']['project'] %> \
+  -v zone=<%= @values['gcp']['zone'] %> \
+  -v tags=[platform-internal] \
+  -v network=<%= @values['gcp']['vpc_name'] %> \
+  -v subnetwork=<%= @values['gcp']['subnet_name'] %>

data/tpl/gcp/terraform/main.tf

@@ -0,0 +1,56 @@
+provider "google" {
+  credentials = "${file("${var.credentials}")}"
+  project = "${var.project}"
+  region = "${var.region}"
+}
+
+# Allow SSH to Platform Bastion
+resource "google_compute_firewall" "bastion" {
+  name    = "bastion-rules"
+  network = "${google_compute_network.platform.name}"
+
+  allow {
+    protocol = "icmp"
+  }
+
+  allow {
+    protocol = "tcp"
+    ports    = ["22"]
+  }
+
+  target_tags = ["bastion"]
+}
+
+# Bastion host
+resource "google_compute_address" "bastion" {
+  name = "bastion-ip"
+}
+
+resource "google_compute_instance" "bastion" {
+  name         = "bastion"
+  machine_type = "n1-standard-1"
+  zone         = "${var.zone}"
+
+  tags = ["bastion", "platform-internal"]
+
+  boot_disk {
+    initialize_params {
+      image = "debian-cloud/debian-8"
+    }
+  }
+
+  metadata {
+    sshKeys = "kite:${file(var.public_key)}"
+  }
+
+  network_interface {
+    subnetwork = "${google_compute_subnetwork.platform_net.name}"
+    access_config {
+      nat_ip = "${google_compute_address.bastion.address}"
+    }
+  }
+
+  service_account {
+    scopes = ["userinfo-email", "compute-ro", "storage-ro"]
+  }
+}

data/tpl/gcp/terraform/network.tf

@@ -0,0 +1,30 @@
+resource "google_compute_network" "platform" {
+  name       = "${var.vpc_name}"
+}
+
+# Subnet for the Platform tools
+resource "google_compute_subnetwork" "platform_net" {
+  name          = "platform-net"
+  ip_cidr_range = "${var.subnet_cidr}"
+  network       = "${google_compute_network.platform.self_link}"
+}
+
+# Allow open access between internal VM
+resource "google_compute_firewall" "platform_internal" {
+  name    = "platform-internal"
+  network = "${google_compute_network.platform.name}"
+
+  allow {
+    protocol = "icmp"
+  }
+
+  allow {
+    protocol = "tcp"
+  }
+
+  allow {
+    protocol = "udp"
+  }
+  target_tags = ["platform-internal"]
+  source_tags = ["platform-internal"]
+}

data/tpl/gcp/terraform/outputs.tf

@@ -0,0 +1,3 @@
+output "bastion_ip" {
+  value = "${google_compute_address.bastion.address}"
+}

data/tpl/gcp/terraform/terraform.tfvars.erb

@@ -0,0 +1,14 @@
+# Kite config
+keypair_name = "<%= @values['kite']['keypair_name'] %>"
+public_key = "<%= @values['kite']['public_key_path'] %>"
+private_key = "<%= @values['kite']['private_key_path'] %>"
+
+# Credentials
+credentials = "<%= @values['gcp']['service_account'] %>"
+project = "<%= @values['gcp']['project'] %>"
+region = "<%= @values['gcp']['region'] %>"
+zone = "<%= @values['gcp']['zone'] %>"
+
+# Network Config
+vpc_name = "<%= @values['gcp']['vpc_name'] %>"
+subnet_cidr = "<%= @values['gcp']['subnet_cidr'] %>"

data/tpl/gcp/terraform/variables.tf

@@ -0,0 +1,32 @@
+
+variable "project" {
+    type = "string"
+}
+
+variable "region" {
+    type = "string"
+    default = "us-east1"
+}
+
+variable "zone" {
+    type = "string"
+    default = "us-east1-d"
+}
+
+variable "credentials" {
+    type = "string"
+}
+
+variable "vpc_name" {
+    type = "string"
+    default = "platform-tools"
+}
+
+variable "subnet_cidr" {
+    type = "string"
+    default = "10.0.0.0/24"
+}
+
+variable "public_key" {
+  type = "string"
+}

data/tpl/skel/config/cloud.yml

@@ -1,34 +1,36 @@
+kite:
+  keypair_name: "kitekey"
+  public_key_path: "~/.ssh/kite.key.pub"
+  private_key_path: "~/.ssh/kite.key"
+
 aws:
-  access_key_id: "XXXXXXXXXXXXXX"
-  secret_access_key: "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
-  region: "us-east-1"
-  az: "us-east-1a"
-  bosh_password: "bosh_password"
-  keypair_name: "bosh"
-  private_key_path: "~/Downloads/bosh.pem"
-  db_password: "database_password"
-  ci_dns_zone_id: "XXXXXXXXXXXXX"
-  ci_hostname: "ci.example.com"
-  concourse_url: "http://ci.example.com"
-  concourse_auth_username: "concourse"
-  concourse_auth_password: "concourse"
+  access_key: "enter your amazon key"
+  secret_key: "enter your secret key"
+  region: "eu-central-1"
+  az: "eu-central-1a"
+  vpc_cidr_block: "10.0.0.0/16"
+  vpc_name: "platform-tools"
+  platform_subnet_cidr_block: "10.0.0.0/24"
+  platform_subnet_name: "platform_net"
+  ops_subnet_cidr_block: "10.0.10.0/24"
+  ops_subnet_name: "ops_services"
 
 gcp:
   project_id: gcp-project
   region: europe-west1
   zone: europe-west1-b
-  service_account: bosh
-  ssh_key_path: ~/.ssh/bosh
+  service_account: "~/safe/terraform.json"
+  vpc_name: "platform-tools"
+  subnet_name: "platform-net"
+  subnet_cidr: "10.0.0.0/24"
+  internal_gw: "10.0.0.1"
 
 bosh:
-  bosh_password: "bosh_password"
-  keypair_name: "bosh"
-  private_key_path: "~/Downloads/bosh.pem"
-  db_password: "database_password"
+  static_ip: "10.0.0.10"
 
 concourse:
   hostname: "ci.domain.io"
-  dns_zone: "your_dns_zone_id"
   url: "http://ci.example.com"
   auth_username: "concourse"
   auth_password: "concourse"
+  db_password: "changeme"

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: kite
 version: !ruby/object:Gem::Version
-  version: 0.0.4
+  version: 0.0.5
 platform: ruby
 authors:
 - Louis Bellet
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-08-25 00:00:00.000000000 Z
+date: 2017-09-01 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: thor
@@ -93,32 +93,21 @@ files:
 - lib/kite/helpers.rb
 - lib/kite/version.rb
 - tpl/aws/README.md
-- tpl/aws/bin/make_cloud_config.sh
-- tpl/aws/bin/make_manifest_bosh-init.sh
-- tpl/aws/bin/make_manifest_concourse-cluster.sh
 - tpl/aws/bootstrap.sh
-- tpl/aws/env.example.erb
-- tpl/aws/terraform/aws-concourse.tf
-- tpl/aws/terraform/aws-vault.tf
-- tpl/aws/terraform/bosh-aws-base.tf
+- tpl/aws/bosh/bosh_director.yml.erb
+- tpl/aws/concourse/aws_cloud.yml.erb
+- tpl/aws/concourse/concourse.yml.erb
+- tpl/aws/terraform/main.tf
+- tpl/aws/terraform/network.tf
 - tpl/aws/terraform/outputs.tf
 - tpl/aws/terraform/terraform.tfvars.erb
 - tpl/aws/terraform/variables.tf
-- tpl/gcp/INSTALL.md
-- tpl/gcp/README.md
-- tpl/gcp/cloud-config.yml.erb
-- tpl/gcp/concourse.tf
-- tpl/gcp/concourse.yml.erb
-- tpl/gcp/env.example.erb
-- tpl/gcp/main.tf
-- tpl/gcp/manifest.yml.erb
-- tpl/gcp/scripts/01_create_infrastructure.sh
-- tpl/gcp/scripts/02_deploy_director.sh
-- tpl/gcp/scripts/03_deploy_concourse.sh
-- tpl/gcp/scripts/04_delete_director.sh
-- tpl/gcp/scripts/05_delete_infrastructure.sh
-- tpl/gcp/scripts/bootstrap.sh
-- tpl/gcp/scripts/delete.sh
+- tpl/gcp/bosh-install.sh.erb
+- tpl/gcp/terraform/main.tf
+- tpl/gcp/terraform/network.tf
+- tpl/gcp/terraform/outputs.tf
+- tpl/gcp/terraform/terraform.tfvars.erb
+- tpl/gcp/terraform/variables.tf
 - tpl/skel/Gemfile.tt
 - tpl/skel/README.md.tt
 - tpl/skel/bin/kite

data/tpl/aws/env.example.erb

@@ -1,12 +0,0 @@
-export AWS_ACCESS_KEY_ID=<%= @values['aws']['access_key_id'] %>
-export AWS_SECRET_ACCESS_KEY=<%= @values['aws']['secret_access_key'] %>
-export AWS_REGION=<%= @values['aws']['region'] %>
-export AWS_AZ=<%= @values['aws']['az'] %>
-export BOSH_PASSWORD=<%= @values['aws']['bosh_password'] %>
-export AWS_KEYPAIR_KEY_NAME=<%= @values['aws']['keypair_name'] %>
-export PRIVATE_KEY_PATH=<%= @values['aws']['private_key_path'] %>
-
-export DB_PASSWORD=<%= @values['aws']['db_password'] %>
-export CONCOURSE_URL=<%= @values['aws']['concourse_url'] %>
-export CONCOURSE_AUTH_USERNAME=<%= @values['aws']['concourse_auth_username'] %>
-export CONCOURSE_AUTH_PASSWORD=<%= @values['aws']['concourse_auth_password'] %>

data/tpl/aws/terraform/aws-concourse.tf

@@ -1,127 +0,0 @@
-# Create a Concourse security group
-resource "aws_security_group" "concourse-sg" {
-  name        = "concourse-sg"
-  description = "Concourse security group"
-  vpc_id      = "${aws_vpc.default.id}"
-  tags {
-  Name = "concourse-sg"
-  component = "concourse"
-  }
-
-  # outbound internet access
-  egress {
-    from_port   = 0
-    to_port     = 0
-    protocol    = "-1"
-    cidr_blocks = ["0.0.0.0/0"]
-  }
-
-  # inbound connections from ELB
-  ingress {
-    from_port   = 8080
-    to_port     = 8080
-    protocol    = "tcp"
-    security_groups = ["${aws_security_group.elb-sg.id}"]
-  }
-
-  ingress {
-    from_port = 8080
-    to_port = 8080
-    protocol = "tcp"
-    cidr_blocks = [
-      "0.0.0.0/0"]
-  }
-
-  ingress {
-    from_port   = 2222
-    to_port     = 2222
-    protocol    = "tcp"
-    security_groups = ["${aws_security_group.elb-sg.id}"]
-  }
-}
-
-# Create an ELB security group
-resource "aws_security_group" "elb-sg" {
-  name        = "elb-sg"
-  description = "ELB security group"
-  vpc_id      = "${aws_vpc.default.id}"
-  tags {
-  Name = "elb-sg"
-  component = "concourse"
-  }
-
-  # outbound internet access
-  egress {
-    from_port   = 0
-    to_port     = 0
-    protocol    = "-1"
-    cidr_blocks = ["0.0.0.0/0"]
-  }
-
-  # inbound http
-  ingress {
-    from_port   = 80
-    to_port     = 80
-    protocol    = "tcp"
-    cidr_blocks = ["0.0.0.0/0"]
-  }
-
-  # inbound https
-  ingress {
-    from_port   = 443
-    to_port     = 443
-    protocol    = "tcp"
-    cidr_blocks = ["0.0.0.0/0"]
-  }
-
-  # inbound https
-  ingress {
-    from_port   = 2222
-    to_port     = 2222
-    protocol    = "tcp"
-    cidr_blocks = ["0.0.0.0/0"]
-  }
-
-}
-
-# Create a new load balancer
-resource "aws_elb" "concourse" {
-  name = "concourse-elb"
-  subnets = ["${aws_subnet.ops_services.id}"]
-  security_groups = ["${aws_security_group.elb-sg.id}"]
-
-  listener {
-    instance_port = 8080
-    instance_protocol = "http"
-    lb_port = 80
-    lb_protocol = "http"
-  }
-
-  listener {
-    instance_port = 8080
-    instance_protocol = "http"
-    lb_port = 80
-    lb_protocol = "http"
-//    ssl_certificate_id = "${var.ssl_cert_arn}"
-}
-
-  listener {
-    instance_port = 2222
-    instance_protocol = "tcp"
-    lb_port = 2222
-    lb_protocol = "tcp"
-  }
-
-  tags {
-  component = "concourse"
-  }
-}
-
-# Create a CNAME record
-resource "aws_route53_record" "concourse" {
-   zone_id = "${var.ci_dns_zone_id}"
-   name = "${var.ci_hostname}"
-   type = "CNAME"
-   ttl = "300"
-   records = ["${aws_elb.concourse.dns_name}"]
-}