@dontlaugh
Created July 7, 2020 18:04
inline cloud-init yaml file
# AMI used by aws_instance.proxy. AMI ids are region-scoped; the instance in
# this file is pinned to us-east-1a, so an override must come from that region.
variable "fedora_32" {
  description = "Fedora 32 AMI id from https://alt.fedoraproject.org/cloud/"
  default     = "ami-0285100bb3546c0e7"
}
# Alternative base image. Nothing in the visible part of this file reads
# var.centos_7.
variable "centos_7" {
  description = "Centos 7 AMI id from Amazon Marketplace"
  default     = "ami-0affd4508a5d2481b"
}
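# Three HAProxy hosts on Fedora 32, configured on first boot by the inline
# cloud-init document in user_data.
#
# - The instance sets no security groups itself; the
#   aws_network_interface_sg_attachment resources in this file add the
#   "haproxy" group to each primary interface.
# - The heredoc is a Terraform template: a literal "${" or "%{" inside it would
#   be interpolated and must be escaped. The Jinja markers used below
#   ("{{", "{%-") are not affected.
# - The heredoc body and its closing marker stay at column 0 so that
#   "#cloud-config" is the first line of the rendered user data.
resource "aws_instance" "proxy" {
  count                       = 3
  ami                         = var.fedora_32
  instance_type               = "t3.medium"
  availability_zone           = "us-east-1a"
  subnet_id                   = data.aws_subnet.public1.id
  associate_public_ip_address = true

  user_data = <<USER_DATA
#cloud-config
# Install packages: haproxy, standard tools, bcc bpf tools, kitty terminal support
package_update: true
packages:
  - haproxy
  - python3-jinja2-cli
  - jq
  - vim
  - htop
  - tmux
  - wget
  - bcc
  - bcc-tools # see bpf tools installed under /usr/share/bcc/tools
  - kitty-terminfo
runcmd:
  - systemctl enable haproxy
  # SELinux stays enforcing. The original "setenforce 0" switched enforcement
  # off for the whole host, and only until the next reboot, after which the
  # enabled haproxy unit would start under enforcing mode again. Presumably it
  # was there so haproxy could bind the stats port and reach arbitrary upstream
  # ports; this boolean grants that to haproxy alone and persists (-P).
  # If haproxy still logs AVC denials, inspect the audit log rather than going
  # permissive.
  - setsebool -P haproxy_connect_any 1
write_files:
  # NOTE(review): the "stats" listener binds *:9090 with no "stats auth", so
  # anyone who can reach that port can read the stats page. Keep 9090 closed in
  # the security group, or bind it to a loopback/private address.
  - path: /opt/templates/haproxy.cfg.jinja
    permissions: "0644"
    content: |
      global
        log /dev/log local0 debug
      listen stats
        bind *:9090
        mode http
        maxconn 10
        stats enable
        stats uri /
      defaults
        log global
        timeout connect 10s
        timeout client 2m
        timeout server 2m
      frontend from_nlb
        bind *:443
        mode tcp
        default_backend upstreams
      backend upstreams
        mode tcp
        option ssl-hello-chk
        {%- for u in upstreams %}
        server k8s-{{ loop.index0 }} {{ u['host'] }}:{{ u['port'] }}
        {%- endfor %}
  # Renders the template above into /etc/haproxy/haproxy.cfg from host:port
  # arguments. The host part is written into the config as given, so it should
  # only be run with operator-supplied values.
  - path: /usr/local/bin/render-haproxy-template
    permissions: "0555"
    content: |
      #!/usr/bin/env python3
      from argparse import ArgumentParser, Namespace
      from jinja2 import Template
      def execute(args: Namespace):
          upstreams = list()
          for upstream in args.upstreams:
              splitted = upstream.split(":")
              if len(splitted) != 2:
                  raise ValueError("invalid upstream: {}".format(upstream))
              host, port = splitted[0], int(splitted[1], base=10)
              upstreams.append({"host": host, "port": port})
          data = dict()
          data["upstreams"] = upstreams
          with open(args.template) as f:
              t = Template(f.read())
          with open(args.output, 'w') as o:
              o.write(t.render(**data))
      if __name__ == '__main__':
          ap = ArgumentParser()
          ap.add_argument("upstreams", nargs='+', help="a list of upstreams as host:port pairs")
          ap.add_argument("--template", required=False, default="/opt/templates/haproxy.cfg.jinja")
          ap.add_argument("--output", required=False, default="/etc/haproxy/haproxy.cfg")
          args = ap.parse_args()
          execute(args)
# NOTE(review): each account below gets passwordless root ("NOPASSWD:ALL"), so
# every listed SSH key is equivalent to root on all three hosts. Key removal
# here only affects newly built instances; running hosts need their
# authorized_keys cleaned up separately.
users:
  - name: coleman
    groups:
      - wheel
    shell: /bin/bash
    sudo: ["ALL=(ALL) NOPASSWD:ALL"]
    ssh-authorized-keys:
      - ssh-rsa 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 coleman@trajan
  - name: hiromi
    groups:
      - wheel
    shell: /bin/bash
    sudo: ["ALL=(ALL) NOPASSWD:ALL"]
    ssh-authorized-keys:
      - ssh-rsa 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 [email protected]
  - name: kait
    groups:
      - wheel
    shell: /bin/bash
    sudo: ["ALL=(ALL) NOPASSWD:ALL"]
    ssh-authorized-keys:
      - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDUVdOpr7SjLZNYZS5TnKEBjh/DzlphJaac5dm/8UT/W5m+ozibMzefrEo8aIy0uZlkLAgWyhVuwCwaFMYNfo8E6xeoWF4LYrq3Wvca5vC0DKmAuSeObu9dQWXzu5YWZQCebNXcK6qKy5zvzqIThvEnNrG8WHA++9t6pDkRN5Xi5XuDepdKAFh4rWqzLD0s59nx0A+MCFJj/Mavm8O4o7peK589DmX27ed1L8b2L/JkRc+Inm5sDTNL/kOqODuqF/aaG7sh86wTuc4FqVYlq0DgXACpOTLPmG+4l+Kc5FoLvvLYicSCvDiM7niBMp7KhBwgRyC6f/5LE3yZVgB0rdIgLrMj2KDuPUjG3VGtncVByiOWLAX7o3KvvYipfR6tthuoF5MU76Xpg74iEdjpJ1/9UodCkNni2fJKP9tUAlQe+ZDX8BJ+MKOY7DY+FSaueXcAfTexAx3ZGhuYzsJ30jUGoqgNwFUf4g09p7WCfF1pKcYFn8osHtwBOLpvedAffV0pswBAT4CIoxvdsdR2b6s2W8pXV2cfXKjjDlvqzlmA6EiXjXjqBwKDUInIKT+OlHKhX25Jc6QDlKAImQtQyjZp7CSzd/1FGQoboS3X1l8e+yXarFlzJm9N97t0jRUEVxvsPAc5AUCOlWDaLnFNB7mWkXWNc1HXt/j1HwVpgNFHMw== [email protected]
USER_DATA

  tags = {
    Name = "covidhub-haproxy-${count.index}"
  }
}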
# Registers the first proxy instance (index 0) as a target in the
# covidapihub_proxies target group. No port is set on the attachment.
resource "aws_lb_target_group_attachment" "proxy0" {
  target_group_arn = aws_lb_target_group.covidapihub_proxies.arn
  target_id        = aws_instance.proxy[0].id
}
# Registers the second proxy instance (index 1) as a target in the
# covidapihub_proxies target group. No port is set on the attachment.
resource "aws_lb_target_group_attachment" "proxy1" {
  target_group_arn = aws_lb_target_group.covidapihub_proxies.arn
  target_id        = aws_instance.proxy[1].id
}
# Registers the third proxy instance (index 2) as a target in the
# covidapihub_proxies target group. No port is set on the attachment.
resource "aws_lb_target_group_attachment" "proxy2" {
  target_group_arn = aws_lb_target_group.covidapihub_proxies.arn
  target_id        = aws_instance.proxy[2].id
}
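# Security group attached to the HAProxy instances' primary interfaces.
#
# Changes from the original rules:
#  - The SSH rule used from_port = 0 / to_port = 22, which opens TCP ports 0-22
#    to the internet rather than port 22 alone.
#  - The second rule allowed every protocol and port from 0.0.0.0/0, which made
#    the first rule redundant and exposed the unauthenticated HAProxy stats
#    listener on 9090. It is replaced by 443 from anywhere plus all traffic
#    from inside the VPC, using the CIDR reference the original had commented
#    out.
resource "aws_security_group" "haproxy" {
  name        = "haproxy"
  description = "HAProxy inbound traffic"
  vpc_id      = data.aws_vpc.xplane_vpc.id

  # SSH. Still open to any source as in the original; narrow cidr_blocks to the
  # operators' address ranges where those are known.
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # Proxied TLS traffic for the "from_nlb" frontend.
  # Assumes the load balancer forwards with the client's source address
  # preserved, so clients appear with public addresses - TODO confirm. If the
  # targets only ever see VPC addresses, this rule can be dropped.
  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # Everything else (health checks, stats on 9090, intra-VPC traffic) is
  # limited to sources inside the VPC.
  ingress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = [data.aws_vpc.xplane_vpc.cidr_block]
  }

  # Unrestricted outbound, unchanged from the original.
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = {
    Name = "haproxy"
  }
}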
# Adds the haproxy security group to the primary network interface of proxy
# instance 0.
# NOTE(review): aws_instance.proxy names no security groups itself, so this is
# presumably in addition to whatever group the instance launches with - confirm
# that group is not more permissive than this one.
resource "aws_network_interface_sg_attachment" "proxy0" {
  network_interface_id = aws_instance.proxy[0].primary_network_interface_id
  security_group_id    = aws_security_group.haproxy.id
}
# Adds the haproxy security group to the primary network interface of proxy
# instance 1.
resource "aws_network_interface_sg_attachment" "proxy1" {
  network_interface_id = aws_instance.proxy[1].primary_network_interface_id
  security_group_id    = aws_security_group.haproxy.id
}
# Adds the haproxy security group to the primary network interface of proxy
# instance 2.
resource "aws_network_interface_sg_attachment" "proxy2" {
  network_interface_id = aws_instance.proxy[2].primary_network_interface_id
  security_group_id    = aws_security_group.haproxy.id
}