Terraform modules release

I am publishing four Terraform modules today. This code has lived into a private repository of mine for two years and I decided that it was time to dig it out, put it in dedicated, public repositories and release it. Two of them were my first experiments in making Terraform modules and probably too simple for general use. The other two are related to CFEngine: one helps making CFEngine test clients, the other making CFEngine servers.

As always, this code is released with a GPL license in the hope that it will be useful to more people than just myself.

tf-mod-aws-subnet-pair

Creates a public and a private subnet in a VPC. The public subnet has both an IPv4 and IPv6 address block assigned, and will be associated to a routing table so that it can handle external traffic. The private subnet only has an IPv4 address block and is not associated to any routing table.

This is a very basic module that I created for a very specific context, and one of my first experiments in writing Terraform modules. It’s probably neither useful enough nor good enough for general use. It can be good enough as an example of how to make a simple Terraform module though.

Find the code in https://github.com/brontolinux/tf-mod-aws-subnet-pair

tf-mod-aws-vpc

This module creates a VPC in the given region, and one subnet pair (public/private) in the given availability zone. It uses tf-mod-aws-subnet-pair under the hood.

This is a very basic module that I created for a very specific context, and one of my first experiments in writing Terraform modules. It’s probably neither useful enough nor good enough for general use. It can be good enough as an example of how to make a simple Terraform module that uses other modules though.

Find the code in https://github.com/brontolinux/tf-mod-aws-vpc

tf-mod-cfengine-server

This module creates an internet-facing CFEngine server running in AWS on a Debian 10 instance. Spot instances are supported.

The module will create:

  1. an AWS instance (a spot instance unless you specify otherwise)
  2. an EFS filesystem for the CFEngine masterfiles, that will be mounted on the instance under /var/cfengine/masterfiles;
  3. an EFS filesystem for the CFEngine server keys and the public keys collected by the server, that will be mounted on the instance under /var/cfengine/ppkeys;
  4. a public elastic IP that will be attached to the AWS istance to make it accessible from the Internet, according to the rules established by the assigned security groups.

The module does not provide for the case where the two EFS filesystems are shared across multiple instances. It is probably possible to modify the module to either create the EFS filesystems or use existing ones, however: I didn’t need that functionality and adding it would have required more time than I could afford. Pull requests are more than welcome, in case you feel like adding that functionality to everyone’s benefit.

Find the code in https://github.com/brontolinux/tf-mod-cfengine-server

tf-mod-cfengine-client

I built this module to create test clients for my CFEngine set-up. The set-up is very specific and may not be useful in a general case. The module itself however could be useful as a starting point for building generic test clients.

The module will create:

  1. an AWS instance (a spot instance unless you specify otherwise)
  2. a public elastic IP that will be attached to the AWS istance to make it accessible from the Internet, according to the rules established by the assigned security groups.

The instance will be bootstrapped against the policy server whose IP or hostname are given in the variable cfengine_server.

Find the code in https://github.com/brontolinux/tf-mod-cfengine-client

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.