lab0 and part of lab1

This commit is contained in:
setop 2024-12-02 21:32:48 +01:00
commit 20d6b1256b
11 changed files with 287 additions and 0 deletions

40
.gitignore vendored Normal file
View File

@ -0,0 +1,40 @@
.env
keypairs/*
### Terraform ###
# Local .terraform directories
**/.terraform/*
# .tfstate files
*.tfstate
*.tfstate.*
# Crash log files
crash.log
crash.*.log
# Exclude all .tfvars files, which are likely to contain sensitive data, such as
# password, private keys, and other secrets. These should not be part of version
# control as they are data points which are potentially sensitive and subject
# to change depending on the environment.
*.tfvars
*.tfvars.json
# Ignore override files as they are usually used to override resources locally and so
# are not checked in
override.tf
override.tf.json
*_override.tf
*_override.tf.json
# Include override files you do wish to add to version control using negated pattern
# !example_override.tf
# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
# example: *tfplan*
# Ignore CLI configuration files
.terraformrc
terraform.rc
# End of https://www.toptal.com/developers/gitignore/api/terraform

2
.tool-versions Normal file
View File

@ -0,0 +1,2 @@
terraform 1.10.0
packer 1.11.2

3
cmd.txt Normal file
View File

@ -0,0 +1,3 @@
ssh -o ControlMaster=no -o IdentitiesOnly=yes -i keypairs/user0 admin@
curl -fsS http://169.254.169.254/latest/meta-data/ami-id

0
keypairs/.keep Normal file
View File

11
lab0/gen_keypairs.sh Executable file
View File

@ -0,0 +1,11 @@
#!/bin/sh -eu
N=${1} # how many keys to create
mkdir -p keypairs
for i in $(seq $N);
do
keyfile="../keypairs/user${i}"
[ -s $keyfile ] || ssh-keygen -q -t ed25519 -P "" -C "user${i}@packerlab" -f $keyfile
done

67
lab0/main.tf Normal file
View File

@ -0,0 +1,67 @@
provider "aws" {
region = var.region
}
resource "aws_key_pair" "my_keys" {
count = var.group_count
key_name = "user${count.index}-key"
public_key = file("../keypairs/user${count.index}.pub")
}
resource "aws_security_group" "allow_ssh" {
name = "allow_ssh"
description = "Allow SSH inbound traffic"
ingress {
from_port = 22
to_port = 22
protocol = "tcp"
cidr_blocks = ["82.67.50.62/32"] # Allow SSH from this IP
}
egress {
from_port = 0
to_port = 0
protocol = "-1" # Allow all outbound traffic
cidr_blocks = ["0.0.0.0/0"]
}
}
resource "aws_instance" "labtops" {
count = var.group_count
ami = var.ami_id
instance_type = var.instance_type
key_name = aws_key_pair.my_keys[count.index].key_name
security_groups = [aws_security_group.allow_ssh.name]
#iam_instance_profile = aws_iam_instance_profile.ec2_ami_instance_profile.name
tags = {
Name = "labtop #${count.index}"
Owner = "seco"
}
# Enable public IP
associate_public_ip_address = true
}
output "instance_id" {
value = aws_instance.labtops[*].id
}
output "public_ip" {
value = aws_instance.labtops[*].public_ip
}
variable "region" {
type = string
}
variable "group_count" {
type = number
}
variable "ami_id" {
type = string
}
variable "instance_type" {
type = string
}

53
lab0/role.tf Normal file
View File

@ -0,0 +1,53 @@
# Create an IAM role
resource "aws_iam_role" "ec2_ami_role" {
name = "ec2-ami-role"
assume_role_policy = jsonencode({
Version = "2012-10-17"
Statement = [
{
Action = "sts:AssumeRole"
Principal = {
Service = "ec2.amazonaws.com"
}
Effect = "Allow"
Sid = ""
},
]
})
}
# Attach the policy that allows creating AMIs
resource "aws_iam_policy" "ec2_ami_policy" {
name = "ec2-ami-policy"
description = "Policy to allow EC2 instances to create AMIs"
policy = jsonencode({
Version = "2012-10-17"
Statement = [
{
Effect = "Allow"
Action = [
"ec2:CreateImage",
"ec2:DescribeImages",
"ec2:DescribeInstances",
"ec2:DescribeTags",
"ec2:CreateTags"
]
Resource = "*"
},
]
})
}
# Attach the policy to the role
resource "aws_iam_role_policy_attachment" "ec2_ami_role_policy_attachment" {
role = aws_iam_role.ec2_ami_role.name
policy_arn = aws_iam_policy.ec2_ami_policy.arn
}
# Create an IAM instance profile to associate the role with the EC2 instance
resource "aws_iam_instance_profile" "ec2_ami_instance_profile" {
name = "ec2-ami-instance-profile"
role = aws_iam_role.ec2_ami_role.name
}

4
lab0/terraform.tfvars Normal file
View File

@ -0,0 +1,4 @@
region = "eu-west-1"
group_count = 4
ami_id = "ami-0715d656023fe21b4" # Debian 12
instance_type = "t2.micro"

2
lab1/.tool-versions Normal file
View File

@ -0,0 +1,2 @@
terraform 1.10.0
packer 1.11.2

View File

@ -0,0 +1,53 @@
packer {
required_plugins {
amazon = {
version = ">= 1.3"
source = "github.com/hashicorp/amazon"
}
}
}
variable "region" {
type = string
default = "eu-west-1" # ireland
}
variable "ami_source_id" {
type = string
default = "ami-0715d656023fe21b4" # debian 12 ireland
}
variable "ami_name" {
type = string
default = "debian-apache-{{timestamp}}"
}
source "amazon-ebs" "debian" {
#access_key = var.aws_access_key
#secret_key = var.aws_secret_key
region = var.region
source_ami = var.ami_source_id
instance_type = "t2.micro"
ssh_username = "admin"
ami_name = var.ami_name
ami_description = "Debian AMI with Apache HTTP Server"
ssh_wait_timeout = "10m"
tags = {
Name = var.ami_name
Purpose = "packer lab"
}
}
build {
sources = ["source.amazon-ebs.debian"]
provisioner "shell" {
inline = [
"sudo apt-get update",
"sudo apt-get install -y apache2",
"echo '<h1>hello lab one</h1>' | sudo tee /var/www/html/index.html",
"sudo systemctl enable apache2",
"sudo systemctl start apache2"
]
}
}

52
lab1/main.tf Normal file
View File

@ -0,0 +1,52 @@
provider "aws" {
region = var.region
}
resource "aws_key_pair" "my_keys" {
count = var.group_count
key_name = "user${count.index}-key"
public_key = file("../keypairs/user${count.index}.pub")
}
resource "aws_security_group" "allow_ssh" {
name = "allow_ssh"
description = "Allow SSH inbound traffic"
ingress {
from_port = 22
to_port = 22
protocol = "tcp"
cidr_blocks = ["82.67.50.62/32"] # Allow SSH from this IP
}
egress {
from_port = 0
to_port = 0
protocol = "-1" # Allow all outbound traffic
cidr_blocks = ["0.0.0.0/0"]
}
}
resource "aws_instance" "labtops" {
count = var.group_count
ami = var.ami_id
instance_type = var.instance_type
key_name = aws_key_pair.my_keys[count.index].key_name
security_groups = [aws_security_group.allow_ssh.name]
tags = {
Name = "labtop #${count.index}"
Owner = "seco"
}
# Enable public IP
associate_public_ip_address = true
}
output "instance_id" {
value = aws_instance.labtops[*].id
}
output "public_ip" {
value = aws_instance.labtops[*].public_ip
}