Created
June 14, 2022 13:43
-
-
Save jfrancoa/830650202726c45f311a4bd84a8524fa to your computer and use it in GitHub Desktop.
Terraform templates
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| terraform { | |
| required_providers { | |
| aws = { | |
| source = "hashicorp/aws" | |
| version = "~> 3.27" | |
| } | |
| } | |
| } | |
| # USE Environment variables AWS_ACCESS_KEY and AWS_SECRET_ACCESS_KEY | |
| # export AWS_ACCESS_KEY = "********" | |
| # export AWS_SECRET_ACCESS_KEY = "*********" | |
| provider "aws" { | |
| region = var.winc_region | |
| } | |
| resource "aws_instance" "win_server_1" { | |
| ami = data.aws_ami.windows-2019.id | |
| instance_type = var.winc_instance_type | |
| ebs_optimized = false | |
| subnet_id = data.aws_instance.winc-machine-node.subnet_id | |
| security_groups = data.aws_instance.winc-machine-node.vpc_security_group_ids | |
| iam_instance_profile = data.aws_instance.winc-machine-node.iam_instance_profile | |
| user_data = data.template_file.windows-userdata.rendered | |
| tags = { | |
| Name = "${var.winc_instance_name}1" | |
| } | |
| } | |
| resource "aws_instance" "win_server_2" { | |
| ami = data.aws_ami.windows-2019.id | |
| instance_type = var.winc_instance_type | |
| ebs_optimized = false | |
| subnet_id = data.aws_instance.winc-machine-node.subnet_id | |
| security_groups = data.aws_instance.winc-machine-node.vpc_security_group_ids | |
| iam_instance_profile = data.aws_instance.winc-machine-node.iam_instance_profile | |
| user_data = data.template_file.windows-userdata.rendered | |
| tags = { | |
| Name = "${var.winc_instance_name}2" | |
| } | |
| } | |
| #resource "aws_instance" "win_server_2022" { | |
| # ami = data.aws_ami.windows-2022.id | |
| # instance_type = var.winc_instance_type | |
| # ebs_optimized = false | |
| # subnet_id = data.aws_instance.winc-machine-node.subnet_id | |
| # security_groups = data.aws_instance.winc-machine-node.vpc_security_group_ids | |
| # iam_instance_profile = data.aws_instance.winc-machine-node.iam_instance_profile | |
| # user_data = data.template_file.windows-userdata.rendered | |
| # tags = { | |
| # Name = "${var.winc_instance_name}22" | |
| # } | |
| #} | |
| # Get latest Windows Server 2019 AMI | |
| data "aws_ami" "windows-2019" { | |
| most_recent = true | |
| owners = ["amazon"] | |
| filter { | |
| name = "name" | |
| values = ["Windows_Server-2019-English-Full-ContainersLatest*"] | |
| } | |
| } | |
| # Get latest Windows Server 2022 AMI | |
| data "aws_ami" "windows-2022" { | |
| most_recent = true | |
| owners = ["amazon"] | |
| filter { | |
| name = "name" | |
| values = ["Windows_Server-2022-English-Full-ContainersLatest*"] | |
| } | |
| } | |
| data "aws_instance" "winc-machine-node" { | |
| filter { | |
| name = "private-dns-name" | |
| values = [var.winc_machine_hostname] | |
| } | |
| } | |
| output "instance_ip_1" { | |
| value = aws_instance.win_server_1.private_ip | |
| } | |
| output "instance_ip_2" { | |
| value = aws_instance.win_server_2.private_ip | |
| } | |
| # output "instance_ip_22" { | |
| # value = aws_instance.win_server_2022.private_ip | |
| # } |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| winc_instance_name = "byoh-windows-worker" | |
| winc_machine_hostname = "ip-10-0-131-228.us-east-2.compute.internal" | |
| winc_instance_type = "m5a.large" | |
| winc_region = "us-east-2" |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Instance name for the newly created Windows VM | |
| variable winc_instance_name { | |
| type = string | |
| } | |
| # Hostname for one of the already existing cluster VM nodes | |
| # You can get this info with: oc get nodes -l node-role.kubernetes.io/worker --no-headers | |
| variable winc_machine_hostname { | |
| type = string | |
| } | |
| # New instance type | |
| variable winc_instance_type { | |
| type = string | |
| } | |
| # AWS Region | |
| variable winc_region { | |
| type = string | |
| } |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Bootstrapping PowerShell Script | |
| data "template_file" "windows-userdata" { | |
| template = <<EOF | |
| <powershell> | |
| # Rename Machine | |
| #Rename-Computer -NewName "${var.winc_instance_name}" -Force;# Install IIS | |
| $authorizedKeyConf = "$env:ProgramData\ssh\administrators_authorized_keys" | |
| $authorizedKeyFolder = Split-Path -Path $authorizedKeyConf | |
| if (!(Test-Path $authorizedKeyFolder)) | |
| { | |
| New-Item -path $authorizedKeyFolder -ItemType Directory | |
| } | |
| Write-Output "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCWkwurd8TNAi+D7ffvyDdhGBSQtJx3/Yedlwvvha0q772vLlOAGlKCw4dajKy6qty1/GGQDgTJ17h3C9TEArI8ZqILnyydeY56DL+ELN3dtGBVof/N2qtW0+SmEnd1Mi7Qy5Tx4e/GVmB3NgX9szwNOVXhebzgBsXc9x+RtCVLPLC8J+qqSdTUZ0UfJsh2ptlQLGHmmTpF//QlJ1tngvAFeCOxJUhrLAa37P9MtFsiNk31EfKyBk3eIdZljTERmqFaoJCohsFFEdO7tVgU6p5NwniAyBGZVjZBzjELoI1aZ+/g9yReIScxl1R6PWqEzcU6lGo2hInnb6nuZFGb+90D [email protected]" | Out-File -FilePath $authorizedKeyConf -Encoding ascii | |
| Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0 | |
| # SSH service startup type | |
| Set-Service -Name ssh-agent -StartupType 'Automatic' | |
| Set-Service -Name sshd -StartupType 'Automatic' | |
| # start service | |
| Start-Service ssh-agent | |
| Start-Service sshd | |
| # configure key based-authentication | |
| $sshdConfigFilePath = "$env:ProgramData\ssh\sshd_config" | |
| $pubKeyConf = (Get-Content -path $sshdConfigFilePath) -replace '#PubkeyAuthentication yes','PubkeyAuthentication yes' | |
| $pubKeyConf | Set-Content -Path $sshdConfigFilePath | |
| $passwordConf = (Get-Content -path $sshdConfigFilePath) -replace '#PasswordAuthentication yes','PasswordAuthentication yes' | |
| $passwordConf | Set-Content -Path $sshdConfigFilePath | |
| # create key file in configuration | |
| $acl = Get-Acl $authorizedKeyConf | |
| # disable inheritance | |
| $acl.SetAccessRuleProtection($true, $false) | |
| # set full control for Administrators | |
| $administratorsRule = New-Object system.security.accesscontrol.filesystemaccessrule("Administrators","FullControl","Allow") | |
| $acl.SetAccessRule($administratorsRule) | |
| # set full control for SYSTEM | |
| $systemRule = New-Object system.security.accesscontrol.filesystemaccessrule("SYSTEM","FullControl","Allow") | |
| $acl.SetAccessRule($systemRule) | |
| # apply file acl | |
| $acl | Set-Acl | |
| # restart service | |
| Restart-Service sshd | |
| # success | |
| # Firewall Rules | |
| New-NetFirewallRule -DisplayName "ContainerLogsPort" -LocalPort 10250 -Enabled True -Direction Inbound -Protocol TCP -Action Allow -EdgeTraversalPolicy Allow | |
| # Install Docker | |
| Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force | |
| # configure repository policy | |
| Set-PSRepository PSGallery -InstallationPolicy Trusted | |
| # install module with provider | |
| Install-Module -Name DockerMsftProvider -Repository PSGallery -Force | |
| # install docker package | |
| Install-Package -Name docker -ProviderName DockerMsftProvider -Force | |
| # Restart | |
| shutdown -r -t 10; | |
| </powershell> | |
| EOF | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment