commit 20d6b1256bc5e9ad8bf5d771daf1e2735fc3ac29 Author: setop Date: Mon Dec 2 21:32:48 2024 +0100 lab0 and part of lab1
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..7283361
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,40 @@
+.env
+keypairs/*
+
+### Terraform ###
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+crash.*.log
+
+# Exclude all .tfvars files, which are likely to contain sensitive data, such as
+# password, private keys, and other secrets. These should not be part of version
+# control as they are data points which are potentially sensitive and subject
+# to change depending on the environment.
+*.tfvars
+*.tfvars.json
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Include override files you do wish to add to version control using negated pattern
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
+
+# End of https://www.toptal.com/developers/gitignore/api/terraform
diff --git a/.tool-versions b/.tool-versions
new file mode 100644
index 0000000..ea83606
--- /dev/null
+++ b/.tool-versions
@@ -0,0 +1,2 @@
+terraform 1.10.0
+packer 1.11.2
diff --git a/cmd.txt b/cmd.txt
new file mode 100644
index 0000000..4055667
--- /dev/null
+++ b/cmd.txt
@@ -0,0 +1,3 @@
+ssh -o ControlMaster=no -o IdentitiesOnly=yes -i keypairs/user0 admin@
+
+curl -fsS http://169.254.169.254/latest/meta-data/ami-id
diff --git a/keypairs/.keep b/keypairs/.keep
new file mode 100644
index 0000000..e69de29
diff --git a/lab0/gen_keypairs.sh b/lab0/gen_keypairs.sh
new file mode 100755
index 0000000..c5023bd
--- /dev/null
+++ b/lab0/gen_keypairs.sh
@@ -0,0 +1,11 @@
+#!/bin/sh -eu
+
+N=${1} # how many keys to create
+
+mkdir -p keypairs
+
+for i in $(seq $N);
+do
+ keyfile="../keypairs/user${i}"
+ [ -s $keyfile ] || ssh-keygen -q -t ed25519 -P "" -C "user${i}@packerlab" -f $keyfile
+done
diff --git a/lab0/main.tf b/lab0/main.tf
new file mode 100644
index 0000000..ba0e5d4
--- /dev/null
+++ b/lab0/main.tf
@@ -0,0 +1,67 @@
+provider "aws" {
+ region = var.region
+}
+
+resource "aws_key_pair" "my_keys" {
+ count = var.group_count
+ key_name = "user${count.index}-key"
+ public_key = file("../keypairs/user${count.index}.pub")
+}
+
+resource "aws_security_group" "allow_ssh" {
+ name = "allow_ssh"
+ description = "Allow SSH inbound traffic"
+
+ ingress {
+ from_port = 22
+ to_port = 22
+ protocol = "tcp"
+ cidr_blocks = ["82.67.50.62/32"] # Allow SSH from this IP
+ }
+
+ egress {
+ from_port = 0
+ to_port = 0
+ protocol = "-1" # Allow all outbound traffic
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+}
+
+resource "aws_instance" "labtops" {
+ count = var.group_count
+ ami = var.ami_id
+ instance_type = var.instance_type
+ key_name = aws_key_pair.my_keys[count.index].key_name
+ security_groups = [aws_security_group.allow_ssh.name]
+
+ #iam_instance_profile = aws_iam_instance_profile.ec2_ami_instance_profile.name
+
+ tags = {
+ Name = "labtop #${count.index}"
+ Owner = "seco"
+ }
+
+ # Enable public IP
+ associate_public_ip_address = true
+}
+
+output "instance_id" {
+ value = aws_instance.labtops[*].id
+}
+
+output "public_ip" {
+ value = aws_instance.labtops[*].public_ip
+}
+
+variable "region" {
+ type = string
+}
+variable "group_count" {
+ type = number
+}
+variable "ami_id" {
+ type = string
+}
+variable "instance_type" {
+ type = string
+}
diff --git a/lab0/role.tf b/lab0/role.tf
new file mode 100644
index 0000000..e90e1a2
--- /dev/null
+++ b/lab0/role.tf
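Review bot: The loop produces user1…userN because `seq $N` starts at 1, while lab0/main.tf reads `../keypairs/user${count.index}.pub` for indexes 0…N-1, so `user0.pub` is never generated and `file()` fails on the first instance (cmd.txt also expects `keypairs/user0`); change the loop header to `for i in $(seq 0 $((N - 1)))`. The `mkdir -p keypairs` on the fifth line creates the directory relative to the current directory while the keys are written to `../keypairs/…`, so run from lab0/ it creates the wrong directory; use `mkdir -p ../keypairs`. `$keyfile` should be double-quoted in the `[ -s … ]` test and the `-f` argument, since the script runs under `sh -eu` and the path is built from user input.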
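Review bot: `security_groups = [aws_security_group.allow_ssh.name]` on the aws_instance attaches the group by name, which only resolves in the default VPC and forces instance replacement whenever the group changes; `vpc_security_group_ids = [aws_security_group.allow_ssh.id]` is the VPC-era attribute (lab1/main.tf has the same line). The instances also leave `metadata_options` at the provider default, so the IMDS query in cmd.txt presumably answers plain IMDSv1 requests; a `metadata_options` block with `http_tokens = "required"` makes them IMDSv2-only, after which that curl needs a session token. The admin CIDR `82.67.50.62/32` is hard-coded in the ingress rule in both labs and would read better as a `variable "admin_cidr"` set from terraform.tfvars.
```hcl
resource "aws_instance" "labtops" {
  # … unchanged: count, ami, instance_type, key_name …
  vpc_security_group_ids = [aws_security_group.allow_ssh.id]

  # IMDSv2 only: metadata requests must carry a session token
  metadata_options {
    http_endpoint = "enabled"
    http_tokens   = "required"
  }
  # … unchanged: tags, associate_public_ip_address …
}
```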
@@ -0,0 +1,53 @@
+# Create an IAM role
+resource "aws_iam_role" "ec2_ami_role" {
+ name = "ec2-ami-role"
+
+ assume_role_policy = jsonencode({
+ Version = "2012-10-17"
+ Statement = [
+ {
+ Action = "sts:AssumeRole"
+ Principal = {
+ Service = "ec2.amazonaws.com"
+ }
+ Effect = "Allow"
+ Sid = ""
+ },
+ ]
+ })
+}
+
+# Attach the policy that allows creating AMIs
+resource "aws_iam_policy" "ec2_ami_policy" {
+ name = "ec2-ami-policy"
+ description = "Policy to allow EC2 instances to create AMIs"
+
+ policy = jsonencode({
+ Version = "2012-10-17"
+ Statement = [
+ {
+ Effect = "Allow"
+ Action = [
+ "ec2:CreateImage",
+ "ec2:DescribeImages",
+ "ec2:DescribeInstances",
+ "ec2:DescribeTags",
+ "ec2:CreateTags"
+ ]
+ Resource = "*"
+ },
+ ]
+ })
+}
+
+# Attach the policy to the role
+resource "aws_iam_role_policy_attachment" "ec2_ami_role_policy_attachment" {
+ role = aws_iam_role.ec2_ami_role.name
+ policy_arn = aws_iam_policy.ec2_ami_policy.arn
+}
+
+# Create an IAM instance profile to associate the role with the EC2 instance
+resource "aws_iam_instance_profile" "ec2_ami_instance_profile" {
+ name = "ec2-ami-instance-profile"
+ role = aws_iam_role.ec2_ami_role.name
+}
diff --git a/lab0/terraform.tfvars b/lab0/terraform.tfvars
new file mode 100644
index 0000000..93b304b
--- /dev/null
+++ b/lab0/terraform.tfvars
@@ -0,0 +1,4 @@
+region = "eu-west-1"
+group_count = 4
+ami_id = "ami-0715d656023fe21b4" # Debian 12
+instance_type = "t2.micro"
diff --git a/lab1/.tool-versions b/lab1/.tool-versions
new file mode 100644
index 0000000..ea83606
--- /dev/null
+++ b/lab1/.tool-versions
@@ -0,0 +1,2 @@
+terraform 1.10.0
+packer 1.11.2
diff --git a/lab1/debian-apache-ami.pkr.hcl b/lab1/debian-apache-ami.pkr.hcl
new file mode 100644
index 0000000..62a0dcd
--- /dev/null
+++ b/lab1/debian-apache-ami.pkr.hcl
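Review bot: The policy grants `ec2:CreateImage` and `ec2:CreateTags` on `Resource = "*"`, so any instance carrying this profile can image or retag every instance in the account; the `Describe*` calls do need `*`, but the two mutating actions belong in a separate statement scoped to the lab instances (instance ARNs, or a condition such as `"ec2:ResourceTag/Owner" = "seco"` matching the tag set in lab0/main.tf). Nothing in this commit attaches the profile — the `iam_instance_profile` line in lab0/main.tf is commented out — so the role, policy and profile are created but unused; either attach it or leave it out until the lab needs it. The `Sid = ""` in the trust policy is a no-op and can be dropped.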
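Review bot: lab0/terraform.tfvars is committed in the same change whose .gitignore excludes `*.tfvars`, so it was presumably force-added, and any later tfvars (lab1) will silently not be tracked; either keep the rule and commit a `terraform.tfvars.example` instead, or remove `*.tfvars` from .gitignore since this file holds only region, count, AMI id and instance type. The AMI id `ami-0715d656023fe21b4` is also repeated as the default in lab1/debian-apache-ami.pkr.hcl; a comment noting that the two must be kept in sync, `# keep in sync with lab1/debian-apache-ami.pkr.hcl ami_source_id`, would prevent drift.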
@@ -0,0 +1,53 @@
+packer {
+ required_plugins {
+ amazon = {
+ version = ">= 1.3"
+ source = "github.com/hashicorp/amazon"
+ }
+ }
+}
+
+variable "region" {
+ type = string
+ default = "eu-west-1" # ireland
+}
+
+variable "ami_source_id" {
+ type = string
+ default = "ami-0715d656023fe21b4" # debian 12 ireland
+}
+
+variable "ami_name" {
+ type = string
+ default = "debian-apache-{{timestamp}}"
+}
+
+source "amazon-ebs" "debian" {
+ #access_key = var.aws_access_key
+ #secret_key = var.aws_secret_key
+ region = var.region
+ source_ami = var.ami_source_id
+ instance_type = "t2.micro"
+ ssh_username = "admin"
+ ami_name = var.ami_name
+ ami_description = "Debian AMI with Apache HTTP Server"
+ ssh_wait_timeout = "10m"
+ tags = {
+ Name = var.ami_name
+ Purpose = "packer lab"
+ }
+}
+
+build {
+ sources = ["source.amazon-ebs.debian"]
+
+ provisioner "shell" {
+ inline = [
+ "sudo apt-get update",
+ "sudo apt-get install -y apache2",
+ "echo '

hello lab one

' | sudo tee /var/www/html/index.html",
+ "sudo systemctl enable apache2",
+ "sudo systemctl start apache2"
+ ]
+ }
+}
diff --git a/lab1/main.tf b/lab1/main.tf
new file mode 100644
index 0000000..a1f0ed4
--- /dev/null
+++ b/lab1/main.tf
@@ -0,0 +1,52 @@
+provider "aws" {
+ region = var.region
+}
+
+resource "aws_key_pair" "my_keys" {
+ count = var.group_count
+ key_name = "user${count.index}-key"
+ public_key = file("../keypairs/user${count.index}.pub")
+}
+
+resource "aws_security_group" "allow_ssh" {
+ name = "allow_ssh"
+ description = "Allow SSH inbound traffic"
+
+ ingress {
+ from_port = 22
+ to_port = 22
+ protocol = "tcp"
+ cidr_blocks = ["82.67.50.62/32"] # Allow SSH from this IP
+ }
+
+ egress {
+ from_port = 0
+ to_port = 0
+ protocol = "-1" # Allow all outbound traffic
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+}
+
+resource "aws_instance" "labtops" {
+ count = var.group_count
+ ami = var.ami_id
+ instance_type = var.instance_type
+ key_name = aws_key_pair.my_keys[count.index].key_name
+ security_groups = [aws_security_group.allow_ssh.name]
+
+ tags = {
+ Name = "labtop #${count.index}"
+ Owner = "seco"
+ }
+
+ # Enable public IP
+ associate_public_ip_address = true
+}
+
+output "instance_id" {
+ value = aws_instance.labtops[*].id
+}
+
+output "public_ip" {
+ value = aws_instance.labtops[*].public_ip
+}
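Review bot: The `amazon-ebs` source sets no `temporary_security_group_source_cidrs`, so the temporary security group Packer creates for the build instance presumably falls back to its default of allowing SSH from 0.0.0.0/0 for the whole build; pin it to the same admin address lab0 uses, `temporary_security_group_source_cidrs = ["82.67.50.62/32"]`. Adding `imds_support = "v2.0"` registers the resulting AMI as IMDSv2-required so instances launched from it inherit the stricter metadata setting. The `index.html` line of the shell provisioner appears garbled in this view (the echoed content is split across lines), so its payload could not be checked. The commented-out `access_key`/`secret_key` lines can be dropped since credentials are taken from the environment.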
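Review bot: lab1/main.tf references `var.region`, `var.group_count`, `var.ami_id` and `var.instance_type` but, unlike lab0/main.tf, declares none of them and no lab1 variables file is added in this commit, so Terraform will reject the configuration with undeclared-variable errors; copy the four `variable` blocks (or a variables.tf) into lab1. The resource names also collide with lab0: both configurations create a security group named `allow_ssh` and key pairs named `user${count.index}-key`, which AWS rejects as duplicates if both labs are applied in the same account and region; prefix them with the lab, e.g. `name = "lab1-allow-ssh"` and `key_name = "lab1-user${count.index}-key"`. The file is otherwise a copy of lab0/main.tf, so a module or a shared variables file would keep the two from drifting.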