TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / ci / terraform / 45b953d3d425b7be72bcede47ca0bfea8256a725^! / .
commit45b953d3d425b7be72bcede47ca0bfea8256a725[log] [tgz]
authorKelley Spoon <kelley.spoon@linaro.org>Tue Jul 14 04:18:34 2020 -0500
committerKelley Spoon <kelley.spoon@linaro.org>Tue Jul 14 04:18:34 2020 -0500
treefbaf052b15e8129f46a1ded43512d021afba4aed
parent09c9ff51518de67398afa3eb9ba4a7452272d174 [diff]
infra: create terraform for managing general infrastructure

Currently servers have been deployed manually via the AWS interface.
This change is an attempt to move that to a more devops oriented
style of using terraform to deploy and manage servers starting the
staging CI server.

This change bootstraps the 'staging.tf.o' route53 zone and deploys
a server to be used as ci.staging.tf.o.

Change-Id: I47b6cab9bc190a641b4c4b033b0d88d719f63f51

diff --git a/infra.tf b/infra.tf
new file mode 100644
index 0000000..b142def
--- /dev/null
+++ b/infra.tf

@@ -0,0 +1,62 @@
+# upstream AMIs
+data "aws_ami" "ubuntu" {
+    most_recent = true
+
+    filter {
+        name   = "name"
+        values = ["ubuntu/images/hvm-ssd/ubuntu-bionic-18.04-amd64-server-*"]
+    }
+
+    owners = ["099720109477"] # Official Canonical ID
+}
+
+# Production ------------
+# route53 - not currently managed by Systems terraform
+# roles - not currently managed by Systems terraform
+# server - not currently managed by Systems terraform
+
+# Staging --------------
+# route53
+resource "aws_route53_zone" "staging_zone" {
+    name = "staging.trustedfirmware.org"
+}
+
+resource "aws_route53_record" "staging-ns" {
+    zone_id = aws_route53_zone.staging_zone.zone_id
+    name = "staging.trustedfirmware.org"
+    type = "NS"
+    ttl = 30
+
+    records = [
+        aws_route53_zone.staging_zone.name_servers.0,
+        aws_route53_zone.staging_zone.name_servers.1,
+        aws_route53_zone.staging_zone.name_servers.2,
+        aws_route53_zone.staging_zone.name_servers.3,
+    ]
+}
+
+#servers
+resource "aws_instance" "staging-ci" {
+    ami           = "ami-0286372f78291e588"
+    instance_type = "t3.large"
+    # hardcoding for the time being.  In the future we may want
+    # to split staging off to its own subnet.
+    subnet_id = "subnet-a0d573af"
+    vpc_security_group_ids = [
+        "${aws_security_group.ci-sg.id}",
+        "${aws_security_group.flexnet-sg.id}",
+        ]
+    key_name = "systems-bot-ssh"
+    tags = {
+        Name = "staging-ci"
+        Environment = "staging"
+    }
+}
+
+resource "aws_route53_record" "ci-staging" {
+    zone_id = aws_route53_zone.staging_zone.zone_id
+    name = "ci"
+    type = "A"
+    ttl     = "60"
+    records = [aws_instance.staging-ci.public_ip]
+}