cleanup and using backend.hcl to share vars

Author: dfry

examples/acme/README.md

@@ -1,5 +1,34 @@
 # How To Configure Bootstrap
 
-For a working example see the [acme example](examples/acme/main.tf). One thing to note is the `source` setting needs to reference the Git URL rather than a path.
+For a working example see the [acme example](examples/acme/main.tf). 
+
+You can run the follwing commands inside the docker container produced by the release of this repo.  Run the image with the following command (which will mount your ~/.aws/credentials into the docker container):
+
+docker run -it -v ~/.aws:/root/.aws ghcr.io/mojaloop/iac-aws-bootstrap:currentver
+
+You need to create the backend.hcl file by using the iac-aws-backend repo and setting the appropriate variables when prompted.
+
+Copy the backend.hcl file into the same dir as the primary main.tf file.  
+
+Edit the main.tf file to set the appropriate domain variable (base domain) and the tenancy variable.  This will create a zone for tenancy.domain so you will have hosts with FQDNs such as gitlab.tenancy.domain and wireguard.tenancy.domain, etc.
+
+You can also change the number of zones to use if you wish to have the switch create worker nodes in different zones and have the load balancers balance accross those different zones.  Or leave it at 1 and everything will be in the same zone.
+
+You need to create a group that has admin access and that group must be set here:
+
+iac_group_name = ....
+
+After you finish modifying the settings in main.tf you will need to run the following commands:
+
+1. terraform init --backend-config=backend.hcl
+2. terraform apply -var-file=backend.hcl
+3. cd post-config
+4. terraform init --backend-config=../backend.hcl
+5. terraform apply -var-file=../backend.hcl
+
+Now you can log in to gitlab.tenancy.domain using root and the result of running this command from the main directory:
+
+terraform output gitlab_root_pw
+
+Use google authenticator or other appropriate app to configure MFA on gitlab for the root user.
 
-The Git URL to use is `git::[email protected]:mojaloop/iac-aws-bootstrap.git?ref=v0.1.0`

examples/acme/main.tf

@@ -1,23 +1,24 @@
 module "bootstrap" {
-  source = "git::https://github.com/mojaloop/iac-aws-bootstrap.git?ref=v2.1.4"
+  source = "git::https://github.com/mojaloop/iac-aws-bootstrap.git?ref=v2beta"
   tags = {
     "Origin" = "Managed by Terraform"
     "mojaloop/cost_center" = "oss-iac-test"
-    "mojaloop/owner" = "dfry"
+    "mojaloop/owner" = "jdoe"
     "Tenant" = var.tenant
   }
 
-  domain       = "mojatest.live" # The FQDN of the tenant
+  domain       = "mojatest.live"
   tenant       = var.tenant             # The Tenant name (probably the name of the customer - this should be the same as ths "tenant" above)
   region       = var.region        # https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html#concepts-available-regions
-  environments = var.environments             # Comma Separated list of environments in this tenant.    e.g. ["dev","qa","test1"]
+  environments = var.environments            # Comma Separated list of environments in this tenant.    e.g. ["dev","qa","test1"]
   gitlab_use_staging_letsencrypt = false
   iac_group_name = "iac_admin"
   enable_github_oauth     = false
-  github_oauth_id         = "12abc8d17f07711165c5"
-  github_oauth_secret     = "60f7769649e0642393de91854fe299f504bb1046"
   gitlab_rbac_groups      = var.gitlab_rbac_groups
   smtp_server_enable      = true
+  gitlab_version          = "14.8.2"
+  cidr_block_index = var.cidr_block_index
+  max_number_availability_zones = 1
 }
 
 
@@ -26,6 +27,13 @@ variable "environments" {
   type        = list(string)
   default     = ["dev"]
 }
+variable "cidr_block_index" {
+  description = "index for cidr block assignments"
+  type        = map(number)
+  default     = {
+      "dev" = 0
+  }
+}
 variable "gitlab_rbac_groups" {
   description = "list of groups to configure"
   type        = list(string)
@@ -39,7 +47,7 @@ variable "region" {
 variable "tenant" {
   description = "tenant name"
   type        = string
-  default     = "infra4"
+  default     = "tenancy1"
 }
 ############################################### DO NOT EDIT BELOW THIS LINE #############################################
 
@@ -200,4 +208,8 @@ output "ses_user" {
 output "ses_pw" {
   value = module.bootstrap.ses_pw
   sensitive   = true
+}
+output "availability_zones" {
+  description = "azs used in tenancy"
+  value       = module.bootstrap.availability_zones
 }

examples/acme/post-config/main.tf

@@ -1,11 +1,12 @@
 module "init-gitlab" {
-  source                     = "git::https://github.com/mojaloop/iac-shared-modules.git//gitlab/init-config?ref=v2.1.4"
-  iac_user_key_secret        = data.terraform_remote_state.tenant.outputs.iac_user_key_id
-  iac_user_key_id            = data.terraform_remote_state.tenant.outputs.iac_user_key_secret
+  source                     = "git::https://github.com/mojaloop/iac-shared-modules.git//gitlab/init-config?ref=v2.1.14"
+  iac_user_key_secret        = data.terraform_remote_state.tenant.outputs.iac_user_key_secret
+  iac_user_key_id            = data.terraform_remote_state.tenant.outputs.iac_user_key_id
   group_list                 = data.terraform_remote_state.tenant.outputs.gitlab_rbac_groups
   env_list                   = data.terraform_remote_state.tenant.outputs.environments
   root_token                 = data.terraform_remote_state.tenant.outputs.gitlab_root_token
   gitlab_url                 = "https://${data.terraform_remote_state.tenant.outputs.gitlab_hostname}"
+  two_factor_grace_period    = 0
 }
 
 
@@ -20,8 +21,17 @@ terraform {
 data "terraform_remote_state" "tenant" {
   backend = "s3"
   config = {
-    region = "eu-west-1"
-    bucket = "infra4-mojaloop-state"
+    region = var.region
+    bucket = var.bucket
     key    = "bootstrap/terraform.tfstate"
   }
-}
+}
+
+variable "region" {
+  description = "region to install in"
+  type        = string
+}
+variable "bucket" {
+  description = "bucket name"
+  type        = string
+}