solarce · August 29, 2015 14:15 · EntropyWorks · Feb 25, 2015
diff --git a/hcl2yaml.py b/hcl2yaml.py
 #!/usr/bin/python

 # need to pip install pyhcl pyyaml
 import sys, yaml, hcl

 filename = sys.argv[1]

 print("Reading", filename)
 with open(filename, 'r') as fp:
        obj = hcl.load(fp)

 print("Converting to yaml")
 bar = yaml.safe_dump(obj,default_flow_style=False)

 print(bar)
 print("Done.")
diff --git a/hcl_example_run.sh b/hcl_example_run.sh
 2143 ◯ : python hcl2yaml.py socorro.tf                                                                                                                                            ⏎
 Reading socorro.tf
 {'provider': {'aws': {'region': '${var.region}', 'secret_key': '${var.secret_key}', 'access_key': '${var.access_key}'}}, 'resource': {'aws_elb': {'elb_for_webheads': {'security_grou
 ps': ['${aws_security_group.internet_to_elb__http.id}'], 'availability_zones': ['${aws_instance.webheads.*.availability_zone}'], 'instances': ['${aws_instance.webheads.*.id}'], 'lis
 tener': {'instance_port': 80, 'instance_protocol': 'http', 'lb_port': 80, 'lb_protocol': 'http'}, 'name': 'elb-for-webheads'}}, 'aws_instance': {'admin_host': {'security_groups': ['
 ${aws_security_group.internet_to_any__ssh.name}', '${aws_security_group.private_to_private__any.name}'], 'instance_type': 't2.micro', 'count': 1, 'key_name': '${lookup(var.ssh_key_n
 ame, var.region)}', 'ami': '${lookup(var.base_ami, var.region)}'}}, 'aws_security_group': {'internet_to_snowflakes__http': {'description': 'Allow HTTP access to some oddball nodes.', 'ingress': {'protocol': 'tcp', 'from_port': 80, 'to_port': 80, 'cidr_blocks': ['0.0.0.0/0']}, 'name': 'internet_to_snowflakes__http'}}}}
 Converting to yaml
 provider:
  aws:
    access_key: ${var.access_key}
    region: ${var.region}
    secret_key: ${var.secret_key}
 resource:
  aws_elb:
    elb_for_webheads:
      availability_zones:
      - ${aws_instance.webheads.*.availability_zone}
      instances:
      - ${aws_instance.webheads.*.id}
      listener:
        instance_port: 80
        instance_protocol: http
        lb_port: 80
        lb_protocol: http
      name: elb-for-webheads
      security_groups:
      - ${aws_security_group.internet_to_elb__http.id}
  aws_instance:
    admin_host:
      ami: ${lookup(var.base_ami, var.region)}
      count: 1
      instance_type: t2.micro
      key_name: ${lookup(var.ssh_key_name, var.region)}
      security_groups:
      - ${aws_security_group.internet_to_any__ssh.name}
      - ${aws_security_group.private_to_private__any.name}
  aws_security_group:
    internet_to_snowflakes__http:
      description: Allow HTTP access to some oddball nodes.
      ingress:
        cidr_blocks:
        - 0.0.0.0/0
        from_port: 80
        protocol: tcp
        to_port: 80
      name: internet_to_snowflakes__http

 Done.
diff --git a/socorro.tf b/socorro.tf
 provider "aws" {
    region = "${var.region}"
    access_key = "${var.access_key}"
    secret_key = "${var.secret_key}"
 }

 # This is potentially dangerous; may require review.
 resource "aws_security_group" "private_to_private__any" {
    name = "private_to_private__any"
    description = "Allow all private traffic."
    ingress {
        from_port = 0
        to_port = 65535
        protocol = "tcp"
        cidr_blocks = [
            "172.0.0.0/16"
        ]
    }
    ingress {
        from_port = 0
        to_port = 65535
        protocol = "udp"
        cidr_blocks = [
            "172.0.0.0/16"
        ]
    }
    ingress {
        from_port = "-1"
        to_port = "-1"
        protocol = "icmp"
        cidr_blocks = [
            "172.0.0.0/16"
        ]
    }
 }

 resource "aws_security_group" "internet_to_any__ssh" {
    name = "internet_to_any__ssh"
    description = "Allow (alt) SSH to any given node."
    ingress {
        from_port = "${var.alt_ssh_port}"
        to_port = "${var.alt_ssh_port}"
        protocol = "tcp"
        cidr_blocks = [
            "0.0.0.0/0"
        ]
    }
 }

 resource "aws_security_group" "internet_to_elb__http" {
    name = "internet_to_elb__http"
    description = "Allow incoming traffic from Internet to HTTP(S) on ELBs."
    ingress {
        from_port = 80
        to_port = 80
        protocol = "tcp"
        cidr_blocks = [
            "0.0.0.0/0"
        ]
    }
    ingress {
        from_port = 443
        to_port = 443
        protocol = "tcp"
        cidr_blocks = [
            "0.0.0.0/0"
        ]
    }
 }

 resource "aws_security_group" "elb_to_webheads__http" {
    name = "elb_to_webheads__http"
    description = "Allow HTTP(S) from ELBs to webheads."
    ingress {
        from_port = 80
        to_port = 80
        protocol = "tcp"
        security_groups = [
            "${aws_security_group.internet_to_elb__http.id}"
        ]
    }
    ingress {
        from_port = 443
        to_port = 443
        protocol = "tcp"
        security_groups = [
            "${aws_security_group.internet_to_elb__http.id}"
        ]
    }
 }

 resource "aws_security_group" "internet_to_snowflakes__http" {
    name = "internet_to_snowflakes__http"
    description = "Allow HTTP access to some oddball nodes."
    ingress {
        from_port = 80
        to_port = 80
        protocol = "tcp"
        cidr_blocks = [
            "0.0.0.0/0"
        ]
    }
 }

 resource "aws_elb" "elb_for_collectors" {
    name = "elb-for-collectors"
    availability_zones = [
        "${aws_instance.collectors.*.availability_zone}"
    ]
    listener {
        instance_port = 80
        instance_protocol = "http"
        lb_port = 80
        lb_protocol = "http"
    }
    /* Requires SSLCertificateId
    listener {
        instance_port = 443
        instance_protocol = "https"
        lb_port = 443
        lb_protocol = "https"
    }
    */
    # Sit in front of the collectors.
    instances = [
        "${aws_instance.collectors.*.id}"
    ]
    security_groups = [
        "${aws_security_group.internet_to_elb__http.id}"
    ]
 }

 resource "aws_elb" "elb_for_webheads" {
    name = "elb-for-webheads"
    availability_zones = [
        "${aws_instance.webheads.*.availability_zone}"
    ]
    listener {
        instance_port = 80
        instance_protocol = "http"
        lb_port = 80
        lb_protocol = "http"
    }
    /* Requires SSLCertificateId
    listener {
        instance_port = 443
        instance_protocol = "https"
        lb_port = 443
        lb_protocol = "https"
    }
    */
    # Sit in front of the webheads.
    instances = [
        "${aws_instance.webheads.*.id}"
    ]
    security_groups = [
        "${aws_security_group.internet_to_elb__http.id}"
    ]
 }

 resource "aws_instance" "webheads" {
    ami = "${lookup(var.base_ami, var.region)}"
    instance_type = "t2.micro"
    key_name = "${lookup(var.ssh_key_name, var.region)}"
    count = 1
    security_groups = [
        "${aws_security_group.elb_to_webheads__http.name}",
        "${aws_security_group.internet_to_any__ssh.name}",
        "${aws_security_group.private_to_private__any.name}"
    ]
    provisioner "remote-exec" {
        connection {
            user = "centos"
            key_file = "${lookup(var.ssh_key_file, var.region)}"
            port = "${var.alt_ssh_port}"
        }
        inline = [
            "sudo sh -c 'echo web_server > /var/www/html/index.html'",
            "sudo systemctl start httpd"
        ]
    }
 }

 resource "aws_instance" "collectors" {
    ami = "${lookup(var.base_ami, var.region)}"
    instance_type = "t2.micro"
    key_name = "${lookup(var.ssh_key_name, var.region)}"
    count = 1
    security_groups = [
        "${aws_security_group.elb_to_webheads__http.name}",
        "${aws_security_group.internet_to_any__ssh.name}",
        "${aws_security_group.private_to_private__any.name}"
    ]
    provisioner "remote-exec" {
        connection {
            user = "centos"
            key_file = "${lookup(var.ssh_key_file, var.region)}"
            port = "${var.alt_ssh_port}"
        }
        inline = [
            "sudo sh -c 'echo collector > /var/www/html/index.html'",
            "sudo systemctl start httpd"
        ]
    }
 }

 resource "aws_instance" "processors" {
    ami = "${lookup(var.base_ami, var.region)}"
    instance_type = "t2.micro"
    key_name = "${lookup(var.ssh_key_name, var.region)}"
    count = 1
    security_groups = [
        "${aws_security_group.internet_to_any__ssh.name}",
        "${aws_security_group.private_to_private__any.name}"
    ]
 }

 resource "aws_instance" "middleware" {
    ami = "${lookup(var.base_ami, var.region)}"
    instance_type = "t2.micro"
    key_name = "${lookup(var.ssh_key_name, var.region)}"
    count = 1
    security_groups = [
        "${aws_security_group.internet_to_any__ssh.name}",
        "${aws_security_group.private_to_private__any.name}"
    ]
 }

 resource "aws_instance" "rabbitmq" {
    ami = "${lookup(var.base_ami, var.region)}"
    instance_type = "t2.micro"
    key_name = "${lookup(var.ssh_key_name, var.region)}"
    count = 1
    security_groups = [
        "${aws_security_group.internet_to_any__ssh.name}",
        "${aws_security_group.private_to_private__any.name}"
    ]
 }

 resource "aws_instance" "elasticsearch" {
    ami = "${lookup(var.base_ami, var.region)}"
    instance_type = "t2.micro"
    key_name = "${lookup(var.ssh_key_name, var.region)}"
    count = 1
    security_groups = [
        "${aws_security_group.internet_to_any__ssh.name}",
        "${aws_security_group.private_to_private__any.name}"
    ]
 }

 resource "aws_instance" "postgres" {
    ami = "${lookup(var.base_ami, var.region)}"
    instance_type = "t2.micro"
    key_name = "${lookup(var.ssh_key_name, var.region)}"
    count = 1
    security_groups = [
        "${aws_security_group.internet_to_any__ssh.name}",
        "${aws_security_group.private_to_private__any.name}"
    ]
 }

 resource "aws_instance" "crash-analysis" {
    ami = "${lookup(var.base_ami, var.region)}"
    instance_type = "t2.micro"
    key_name = "${lookup(var.ssh_key_name, var.region)}"
    count = 1
    security_groups = [
        "${aws_security_group.internet_to_any__ssh.name}",
        "${aws_security_group.internet_to_snowflakes__http.name}",
        "${aws_security_group.private_to_private__any.name}"
    ]
 }

 resource "aws_instance" "symbolapi" {
    ami = "${lookup(var.base_ami, var.region)}"
    instance_type = "t2.micro"
    key_name = "${lookup(var.ssh_key_name, var.region)}"
    count = 1
    security_groups = [
        "${aws_security_group.internet_to_any__ssh.name}",
        "${aws_security_group.internet_to_snowflakes__http.name}",
        "${aws_security_group.private_to_private__any.name}"
    ]
 }

 resource "aws_instance" "admin_host" {
    ami = "${lookup(var.base_ami, var.region)}"
    instance_type = "t2.micro"
    key_name = "${lookup(var.ssh_key_name, var.region)}"
    count = 1
    security_groups = [
        "${aws_security_group.internet_to_any__ssh.name}",
        "${aws_security_group.private_to_private__any.name}"
    ]
 }
	#!/usr/bin/python

	# need to pip install pyhcl pyyaml
	import sys, yaml, hcl

	filename = sys.argv[1]

	print("Reading", filename)
	with open(filename, 'r') as fp:
	obj = hcl.load(fp)

	print("Converting to yaml")
	bar = yaml.safe_dump(obj,default_flow_style=False)

	print(bar)
	print("Done.")
	2143 ◯ : python hcl2yaml.py socorro.tf ⏎
	Reading socorro.tf
	{'provider': {'aws': {'region': '${var.region}', 'secret_key': '${var.secret_key}', 'access_key': '${var.access_key}'}}, 'resource': {'aws_elb': {'elb_for_webheads': {'security_grou
	ps': ['${aws_security_group.internet_to_elb__http.id}'], 'availability_zones': ['${aws_instance.webheads..availability_zone}'], 'instances': ['${aws_instance.webheads..id}'], 'lis
	tener': {'instance_port': 80, 'instance_protocol': 'http', 'lb_port': 80, 'lb_protocol': 'http'}, 'name': 'elb-for-webheads'}}, 'aws_instance': {'admin_host': {'security_groups': ['
	${aws_security_group.internet_to_any__ssh.name}', '${aws_security_group.private_to_private__any.name}'], 'instance_type': 't2.micro', 'count': 1, 'key_name': '${lookup(var.ssh_key_n
	ame, var.region)}', 'ami': '${lookup(var.base_ami, var.region)}'}}, 'aws_security_group': {'internet_to_snowflakes__http': {'description': 'Allow HTTP access to some oddball nodes.', 'ingress': {'protocol': 'tcp', 'from_port': 80, 'to_port': 80, 'cidr_blocks': ['0.0.0.0/0']}, 'name': 'internet_to_snowflakes__http'}}}}
	Converting to yaml
	provider:
	aws:
	access_key: ${var.access_key}
	region: ${var.region}
	secret_key: ${var.secret_key}
	resource:
	aws_elb:
	elb_for_webheads:
	availability_zones:
	- ${aws_instance.webheads.*.availability_zone}
	instances:
	- ${aws_instance.webheads.*.id}
	listener:
	instance_port: 80
	instance_protocol: http
	lb_port: 80
	lb_protocol: http
	name: elb-for-webheads
	security_groups:
	- ${aws_security_group.internet_to_elb__http.id}
	aws_instance:
	admin_host:
	ami: ${lookup(var.base_ami, var.region)}
	count: 1
	instance_type: t2.micro
	key_name: ${lookup(var.ssh_key_name, var.region)}
	security_groups:
	- ${aws_security_group.internet_to_any__ssh.name}
	- ${aws_security_group.private_to_private__any.name}
	aws_security_group:
	internet_to_snowflakes__http:
	description: Allow HTTP access to some oddball nodes.
	ingress:
	cidr_blocks:
	- 0.0.0.0/0
	from_port: 80
	protocol: tcp
	to_port: 80
	name: internet_to_snowflakes__http

	Done.
	provider "aws" {
	region = "${var.region}"
	access_key = "${var.access_key}"
	secret_key = "${var.secret_key}"
	}

	# This is potentially dangerous; may require review.
	resource "aws_security_group" "private_to_private__any" {
	name = "private_to_private__any"
	description = "Allow all private traffic."
	ingress {
	from_port = 0
	to_port = 65535
	protocol = "tcp"
	cidr_blocks = [
	"172.0.0.0/16"
	]
	}
	ingress {
	from_port = 0
	to_port = 65535
	protocol = "udp"
	cidr_blocks = [
	"172.0.0.0/16"
	]
	}
	ingress {
	from_port = "-1"
	to_port = "-1"
	protocol = "icmp"
	cidr_blocks = [
	"172.0.0.0/16"
	]
	}
	}

	resource "aws_security_group" "internet_to_any__ssh" {
	name = "internet_to_any__ssh"
	description = "Allow (alt) SSH to any given node."
	ingress {
	from_port = "${var.alt_ssh_port}"
	to_port = "${var.alt_ssh_port}"
	protocol = "tcp"
	cidr_blocks = [
	"0.0.0.0/0"
	]
	}
	}

	resource "aws_security_group" "internet_to_elb__http" {
	name = "internet_to_elb__http"
	description = "Allow incoming traffic from Internet to HTTP(S) on ELBs."
	ingress {
	from_port = 80
	to_port = 80
	protocol = "tcp"
	cidr_blocks = [
	"0.0.0.0/0"
	]
	}
	ingress {
	from_port = 443
	to_port = 443
	protocol = "tcp"
	cidr_blocks = [
	"0.0.0.0/0"
	]
	}
	}

	resource "aws_security_group" "elb_to_webheads__http" {
	name = "elb_to_webheads__http"
	description = "Allow HTTP(S) from ELBs to webheads."
	ingress {
	from_port = 80
	to_port = 80
	protocol = "tcp"
	security_groups = [
	"${aws_security_group.internet_to_elb__http.id}"
	]
	}
	ingress {
	from_port = 443
	to_port = 443
	protocol = "tcp"
	security_groups = [
	"${aws_security_group.internet_to_elb__http.id}"
	]
	}
	}

	resource "aws_security_group" "internet_to_snowflakes__http" {
	name = "internet_to_snowflakes__http"
	description = "Allow HTTP access to some oddball nodes."
	ingress {
	from_port = 80
	to_port = 80
	protocol = "tcp"
	cidr_blocks = [
	"0.0.0.0/0"
	]
	}
	}

	resource "aws_elb" "elb_for_collectors" {
	name = "elb-for-collectors"
	availability_zones = [
	"${aws_instance.collectors.*.availability_zone}"
	]
	listener {
	instance_port = 80
	instance_protocol = "http"
	lb_port = 80
	lb_protocol = "http"
	}
	/* Requires SSLCertificateId
	listener {
	instance_port = 443
	instance_protocol = "https"
	lb_port = 443
	lb_protocol = "https"
	}
	*/
	# Sit in front of the collectors.
	instances = [
	"${aws_instance.collectors.*.id}"
	]
	security_groups = [
	"${aws_security_group.internet_to_elb__http.id}"
	]
	}

	resource "aws_elb" "elb_for_webheads" {
	name = "elb-for-webheads"
	availability_zones = [
	"${aws_instance.webheads.*.availability_zone}"
	]
	listener {
	instance_port = 80
	instance_protocol = "http"
	lb_port = 80
	lb_protocol = "http"
	}
	/* Requires SSLCertificateId
	listener {
	instance_port = 443
	instance_protocol = "https"
	lb_port = 443
	lb_protocol = "https"
	}
	*/
	# Sit in front of the webheads.
	instances = [
	"${aws_instance.webheads.*.id}"
	]
	security_groups = [
	"${aws_security_group.internet_to_elb__http.id}"
	]
	}

	resource "aws_instance" "webheads" {
	ami = "${lookup(var.base_ami, var.region)}"
	instance_type = "t2.micro"
	key_name = "${lookup(var.ssh_key_name, var.region)}"
	count = 1
	security_groups = [
	"${aws_security_group.elb_to_webheads__http.name}",
	"${aws_security_group.internet_to_any__ssh.name}",
	"${aws_security_group.private_to_private__any.name}"
	]
	provisioner "remote-exec" {
	connection {
	user = "centos"
	key_file = "${lookup(var.ssh_key_file, var.region)}"
	port = "${var.alt_ssh_port}"
	}
	inline = [
	"sudo sh -c 'echo web_server > /var/www/html/index.html'",
	"sudo systemctl start httpd"
	]
	}
	}

	resource "aws_instance" "collectors" {
	ami = "${lookup(var.base_ami, var.region)}"
	instance_type = "t2.micro"
	key_name = "${lookup(var.ssh_key_name, var.region)}"
	count = 1
	security_groups = [
	"${aws_security_group.elb_to_webheads__http.name}",
	"${aws_security_group.internet_to_any__ssh.name}",
	"${aws_security_group.private_to_private__any.name}"
	]
	provisioner "remote-exec" {
	connection {
	user = "centos"
	key_file = "${lookup(var.ssh_key_file, var.region)}"
	port = "${var.alt_ssh_port}"
	}
	inline = [
	"sudo sh -c 'echo collector > /var/www/html/index.html'",
	"sudo systemctl start httpd"
	]
	}
	}

	resource "aws_instance" "processors" {
	ami = "${lookup(var.base_ami, var.region)}"
	instance_type = "t2.micro"
	key_name = "${lookup(var.ssh_key_name, var.region)}"
	count = 1
	security_groups = [
	"${aws_security_group.internet_to_any__ssh.name}",
	"${aws_security_group.private_to_private__any.name}"
	]
	}

	resource "aws_instance" "middleware" {
	ami = "${lookup(var.base_ami, var.region)}"
	instance_type = "t2.micro"
	key_name = "${lookup(var.ssh_key_name, var.region)}"
	count = 1
	security_groups = [
	"${aws_security_group.internet_to_any__ssh.name}",
	"${aws_security_group.private_to_private__any.name}"
	]
	}

	resource "aws_instance" "rabbitmq" {
	ami = "${lookup(var.base_ami, var.region)}"
	instance_type = "t2.micro"
	key_name = "${lookup(var.ssh_key_name, var.region)}"
	count = 1
	security_groups = [
	"${aws_security_group.internet_to_any__ssh.name}",
	"${aws_security_group.private_to_private__any.name}"
	]
	}

	resource "aws_instance" "elasticsearch" {
	ami = "${lookup(var.base_ami, var.region)}"
	instance_type = "t2.micro"
	key_name = "${lookup(var.ssh_key_name, var.region)}"
	count = 1
	security_groups = [
	"${aws_security_group.internet_to_any__ssh.name}",
	"${aws_security_group.private_to_private__any.name}"
	]
	}

	resource "aws_instance" "postgres" {
	ami = "${lookup(var.base_ami, var.region)}"
	instance_type = "t2.micro"
	key_name = "${lookup(var.ssh_key_name, var.region)}"
	count = 1
	security_groups = [
	"${aws_security_group.internet_to_any__ssh.name}",
	"${aws_security_group.private_to_private__any.name}"
	]
	}

	resource "aws_instance" "crash-analysis" {
	ami = "${lookup(var.base_ami, var.region)}"
	instance_type = "t2.micro"
	key_name = "${lookup(var.ssh_key_name, var.region)}"
	count = 1
	security_groups = [
	"${aws_security_group.internet_to_any__ssh.name}",
	"${aws_security_group.internet_to_snowflakes__http.name}",
	"${aws_security_group.private_to_private__any.name}"
	]
	}

	resource "aws_instance" "symbolapi" {
	ami = "${lookup(var.base_ami, var.region)}"
	instance_type = "t2.micro"
	key_name = "${lookup(var.ssh_key_name, var.region)}"
	count = 1
	security_groups = [
	"${aws_security_group.internet_to_any__ssh.name}",
	"${aws_security_group.internet_to_snowflakes__http.name}",
	"${aws_security_group.private_to_private__any.name}"
	]
	}

	resource "aws_instance" "admin_host" {
	ami = "${lookup(var.base_ami, var.region)}"
	instance_type = "t2.micro"
	key_name = "${lookup(var.ssh_key_name, var.region)}"
	count = 1
	security_groups = [
	"${aws_security_group.internet_to_any__ssh.name}",
	"${aws_security_group.private_to_private__any.name}"
	]
	}