Merge pull request #11 from WhistleLabs/DEVOPS-1218

disaac · web-flow · commit ff0a5eb14296 · 2017-02-13T15:10:03.000-08:00
DEVOPS-1218
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,7 +1,16 @@
 ## Unreleased
 
-## ???
+## 0.1.0
 
+#### BREAKING CHANGES:
+- Removed `\` backslash escapes. Breaks compatibility with Terraform versions < 0.8.0
+
+#### IMPROVEMENTS:
+- Update modules to use terraform 0.8.x syntax
+
+## 0.0.9
+
+#### IMPROVEMENTS:
 - Feature: Automatically push instance's subnet route into `server.conf`
 - export `zone_id`, `dns_name` from aws_elb
 - Fix the 4 subnet fixed mapping
diff --git a/certs/main.tf b/certs/main.tf
@@ -35,8 +35,8 @@ resource "aws_iam_role_policy" "s3_certs_ro" {
         "s3:Get*"
       ],
       "Resource": [
-        "arn:aws:s3:::${replace(var.s3_bucket,"/(\/)+$/","")}/${replace(var.s3_bucket_prefix,"/^(\/)+|(\/)+$/","")}",
-        "arn:aws:s3:::${replace(var.s3_bucket,"/(\/)+$/","")}/${replace(var.s3_bucket_prefix,"/^(\/)+|(\/)+$/","")}/*"
+        "arn:aws:s3:::${replace(var.s3_bucket,"/(/)+$/","")}/${replace(var.s3_bucket_prefix,"/^(/)+|(/)+$/","")}",
+        "arn:aws:s3:::${replace(var.s3_bucket,"/(/)+$/","")}/${replace(var.s3_bucket_prefix,"/^(/)+|(/)+$/","")}/*"
       ]
     },
     {
@@ -45,7 +45,7 @@ resource "aws_iam_role_policy" "s3_certs_ro" {
         "s3:List*"
       ],
       "Resource": [
-        "arn:aws:s3:::${replace(var.s3_bucket,"/(\/)+$/","")}"
+        "arn:aws:s3:::${replace(var.s3_bucket,"/(/)+$/","")}"
       ]
     }
   ]
@@ -197,7 +197,7 @@ data "template_file" "user_data" {
 
 ## Creates auto scaling cluster
 module "cluster" {
-  source = "github.com/unifio/terraform-aws-asg?ref=v0.2.0//group"
+  source = "github.com/WhistleLabs/terraform-aws-asg?ref=v0.2.1//group"
 
   # Resource tags
   stack_item_label    = "${var.stack_item_label}"
diff --git a/certs/templates/user_data.tpl b/certs/templates/user_data.tpl
@@ -1,11 +1,16 @@
 #cloud-config
+## The sed and daemon-reload entries are temporary and will be removed once permission issue is handled on base AMI.
+## https://github.com/WhistleLabs/terraform-aws-openvpn/pull/2
 runcmd:
-  - echo "OPENVPN_CERT_SOURCE=s3://${replace(s3_bucket,"/(\/)+$/","")}/${replace(s3_bucket_prefix,"/^(\/)+|(\/)+$/","")}" > /etc/openvpn/get-openvpn-certs.env
+  - echo "OPENVPN_CERT_SOURCE=s3://${replace(s3_bucket,"/(/)+$/","")}/${replace(s3_bucket_prefix,"/^(/)+|(/)+$/","")}" > /etc/openvpn/get-openvpn-certs.env
+  - echo 'crl-verify /etc/openvpn/keys/crl.pem' >> /etc/openvpn/server.conf
   - echo "push \"route $(ip route get 8.8.8.8| grep src| sed 's/.*src \(.*\)$/\1/g') 255.255.255.255 net_gateway\"" >> /etc/openvpn/server.conf
   - echo "push \"route ${cidrhost(element(split(",",route_cidrs),1), 0)}  ${cidrnetmask(element(split(",",route_cidrs),1))}\"" >> /etc/openvpn/server.conf
   - echo "push \"route ${cidrhost(element(split(",",route_cidrs),2), 0)}  ${cidrnetmask(element(split(",",route_cidrs),2))}\"" >> /etc/openvpn/server.conf
   - echo "push \"route ${cidrhost(element(split(",",route_cidrs),3), 0)}  ${cidrnetmask(element(split(",",route_cidrs),3))}\"" >> /etc/openvpn/server.conf
   - echo "push \"route ${cidrhost(element(split(",",route_cidrs),4), 0)}  ${cidrnetmask(element(split(",",route_cidrs),4))}\"" >> /etc/openvpn/server.conf
+  - sed -i 's/\(ExecStartPost=.*chmod.*$\)/ExecStartPost=\/bin\/chown -R nobody:nogroup \/etc\/openvpn\n\1\n/g' /etc/systemd/system/get-openvpn-certs.service
+  - systemctl daemon-reload
   - systemctl start get-openvpn-certs
   - systemctl restart openvpn@server
   - systemctl restart iptables
diff --git a/examples/cert-gen/variables.tf b/examples/cert-gen/variables.tf
@@ -35,7 +35,7 @@ variable "region" {
 }
 
 variable "subnets" {
-  tpye        = "string"
+  type        = "string"
   description = "List of VPC subnets eligible for instance deployment"
 }
 
diff --git a/generate-certs/main.tf b/generate-certs/main.tf
@@ -36,8 +36,8 @@ resource "aws_iam_role_policy" "s3_certs_rw" {
         "s3:PutObject"
       ],
       "Resource": [
-        "arn:aws:s3:::${replace(var.s3_bucket,"/(\/)+$/","")}",
-        "arn:aws:s3:::${replace(var.s3_bucket,"/(\/)+$/","")}/*"
+        "arn:aws:s3:::${replace(var.s3_bucket,"/(/)+$/","")}",
+        "arn:aws:s3:::${replace(var.s3_bucket,"/(/)+$/","")}/*"
       ]
     },
     {
@@ -46,7 +46,7 @@ resource "aws_iam_role_policy" "s3_certs_rw" {
         "s3:List*"
       ],
       "Resource": [
-        "arn:aws:s3:::${replace(var.s3_bucket,"/(\/)+$/","")}"
+        "arn:aws:s3:::${replace(var.s3_bucket,"/(/)+$/","")}"
       ]
     }
   ]
diff --git a/generate-certs/templates/user_data.tpl b/generate-certs/templates/user_data.tpl
@@ -3,9 +3,9 @@ manage_etc_hosts: True
 
 runcmd:
   - echo "S3_REGION=\"${region}\"" > /etc/default/openvpn-cert-generator
-  - echo "S3_CERT_ROOT_PATH=\"s3://${replace(s3_bucket,"/(\/)+$/","")}/\"" >> /etc/default/openvpn-cert-generator
+  - echo "S3_CERT_ROOT_PATH=\"s3://${replace(s3_bucket,"/(/)+$/","")}/\"" >> /etc/default/openvpn-cert-generator
   - echo "KEY_SIZE=${cert_key_size}" >> /etc/default/openvpn-cert-generator
-  - echo "S3_DIR_OVERRIDE=\"${replace(s3_dir_override,"/^(\/)+|(\/)+$/","")}\"" >> /etc/default/openvpn-cert-generator
+  - echo "S3_DIR_OVERRIDE=\"${replace(s3_dir_override,"/^(/)+|(/)+$/","")}\"" >> /etc/default/openvpn-cert-generator
   - echo "KEY_CITY=\"${key_city}\"" >> /etc/default/openvpn-cert-generator
   - echo "KEY_ORG=\"${key_org}\"" >> /etc/default/openvpn-cert-generator
   - echo "KEY_EMAIL=\"${key_email}\"" >> /etc/default/openvpn-cert-generator
diff --git a/generate-certs/variables.tf b/generate-certs/variables.tf
@@ -51,7 +51,7 @@ variable "region" {
 }
 
 variable "subnet" {
-  tpye        = "string"
+  type        = "string"
   description = "VPC subnet to associate with the instance"
 }
 

Original file line number	Diff line number	Diff line change
`@@ -35,8 +35,8 @@ resource "aws_iam_role_policy" "s3_certs_ro" {`
`35`	`35`	`"s3:Get*"`
`36`	`36`	`],`
`37`	`37`	`"Resource": [`
`38`		`- "arn:aws:s3:::${replace(var.s3_bucket,"/(\/)+$/","")}/${replace(var.s3_bucket_prefix,"/^(\/)+\|(\/)+$/","")}",`
`39`		`- "arn:aws:s3:::${replace(var.s3_bucket,"/(\/)+$/","")}/${replace(var.s3_bucket_prefix,"/^(\/)+\|(\/)+$/","")}/*"`
	`38`	`+ "arn:aws:s3:::${replace(var.s3_bucket,"/(/)+$/","")}/${replace(var.s3_bucket_prefix,"/^(/)+\|(/)+$/","")}",`
	`39`	`+ "arn:aws:s3:::${replace(var.s3_bucket,"/(/)+$/","")}/${replace(var.s3_bucket_prefix,"/^(/)+\|(/)+$/","")}/*"`
`40`	`40`	`]`
`41`	`41`	`},`
`42`	`42`	`{`
`@@ -45,7 +45,7 @@ resource "aws_iam_role_policy" "s3_certs_ro" {`
`45`	`45`	`"s3:List*"`
`46`	`46`	`],`
`47`	`47`	`"Resource": [`
`48`		`- "arn:aws:s3:::${replace(var.s3_bucket,"/(\/)+$/","")}"`
	`48`	`+ "arn:aws:s3:::${replace(var.s3_bucket,"/(/)+$/","")}"`
`49`	`49`	`]`
`50`	`50`	`}`
`51`	`51`	`]`
`@@ -197,7 +197,7 @@ data "template_file" "user_data" {`
`197`	`197`
`198`	`198`	`## Creates auto scaling cluster`
`199`	`199`	`module "cluster" {`
`200`		`- source = "github.com/unifio/terraform-aws-asg?ref=v0.2.0//group"`
	`200`	`+ source = "github.com/WhistleLabs/terraform-aws-asg?ref=v0.2.1//group"`
`201`	`201`
`202`	`202`	`# Resource tags`
`203`	`203`	`stack_item_label = "${var.stack_item_label}"`
Original file line number	Diff line number	Diff line change
`@@ -35,7 +35,7 @@ variable "region" {`
`35`	`35`	`}`
`36`	`36`
`37`	`37`	`variable "subnets" {`
`38`		`- tpye = "string"`
	`38`	`+ type = "string"`
`39`	`39`	`description = "List of VPC subnets eligible for instance deployment"`
`40`	`40`	`}`
`41`	`41`
Original file line number	Diff line number	Diff line change
`@@ -36,8 +36,8 @@ resource "aws_iam_role_policy" "s3_certs_rw" {`
`36`	`36`	`"s3:PutObject"`
`37`	`37`	`],`
`38`	`38`	`"Resource": [`
`39`		`- "arn:aws:s3:::${replace(var.s3_bucket,"/(\/)+$/","")}",`
`40`		`- "arn:aws:s3:::${replace(var.s3_bucket,"/(\/)+$/","")}/*"`
	`39`	`+ "arn:aws:s3:::${replace(var.s3_bucket,"/(/)+$/","")}",`
	`40`	`+ "arn:aws:s3:::${replace(var.s3_bucket,"/(/)+$/","")}/*"`
`41`	`41`	`]`
`42`	`42`	`},`
`43`	`43`	`{`
`@@ -46,7 +46,7 @@ resource "aws_iam_role_policy" "s3_certs_rw" {`
`46`	`46`	`"s3:List*"`
`47`	`47`	`],`
`48`	`48`	`"Resource": [`
`49`		`- "arn:aws:s3:::${replace(var.s3_bucket,"/(\/)+$/","")}"`
	`49`	`+ "arn:aws:s3:::${replace(var.s3_bucket,"/(/)+$/","")}"`
`50`	`50`	`]`
`51`	`51`	`}`
`52`	`52`	`]`
Original file line number	Diff line number	Diff line change
`@@ -51,7 +51,7 @@ variable "region" {`
`51`	`51`	`}`
`52`	`52`
`53`	`53`	`variable "subnet" {`
`54`		`- tpye = "string"`
	`54`	`+ type = "string"`
`55`	`55`	`description = "VPC subnet to associate with the instance"`
`56`	`56`	`}`
`57`	`57`