step-02-automate-server.tf.off

# Create Automate Server
# https://packages.chef.io/files/stable/automate/1.8.3/el/7/automate-1.8.3-1.el7.x86_64.rpm
resource "aws_instance" "chef-automate" {
  tags                        = "${merge(var.default_tags, map(
                                  "Name", "${var.prefix}-automate-server",
                                ))}"
  connection {
    host                      = "${self.public_ip}"
    user                      = "${var.ssh_username}"
    private_key               = "${file("${var.ssh_key["file"]}")}"
  }
  ami                         = "${data.aws_ami.centos.id}"
  count                       = 1
  instance_type               = "${var.instance_type}"
  associate_public_ip_address = "${var.automate_server_pub}"
  subnet_id                   = "${aws_subnet.chef_01_public.id}"
  vpc_security_group_ids      = ["${aws_security_group.chef-server.id}","${aws_security_group.chef_internal.id}"]
  key_name                    = "${var.ssh_key["name"]}"
  ebs_optimized               = true

  root_block_device {
    delete_on_termination     = true
    volume_size               = 20
    volume_type               = "gp2"
    #iops                      = 1000
  }

  ebs_block_device {
    device_name               = "/dev/sdb"
    volume_type               = "io1"
    iops                      = 5000 # iops = volume_size * 50
    volume_size               = 100
    delete_on_termination     = true
  }
  # Set hostname in separate connection.
  # Transient hostname doesn't set correctly in time otherwise.
  provisioner "remote-exec" {
    inline                    = [
                                  "sudo hostname ${aws_instance.chef-automate.public_dns}",
                                  "sudo sed -i \"s/HOSTNAME=.*/HOSTNAME=${var.instance["hostname"]}.${var.instance["domain"]}/g\" /etc/sysconfig/network",
                                  "sudo mkdir /etc/chef/"
    ]
  }
  # mount the EBS volume
  provisioner "file" {
    source                    = "files/mount_data_volume"
    destination               = "/tmp/mount_data_volume"
  }
  provisioner "remote-exec" {
    inline                    = [
                                  "sudo bash -ex /tmp/mount_data_volume"
    ]
  }
  provisioner "file" {
    source                    = "${var.chef_automate_license}"
    destination               = "./chef_automate.license"
  }
  provisioner "remote-exec" {
    script                    = "${path.module}/files/disable_firewall.sh"
  }
  provisioner "remote-exec" {
    inline                    = [
                                  "sudo yum install wget -y",
                                  "wget ${var.automate_rpm_link}",
                                  "sudo rpm -i ${var.automate_rpm_link}",
                                  "sudo hostname CHANGEME-CHANGEME.COM"
    ]
  }
  provisioner "file" {
    source         = ".chef/delivery.pem"
    destination    = "./delivery.pem"
  }
  provisioner "remote-exec" {
    inline = [
      "cp /etc/hosts ./",
      "echo \"${aws_instance.chef-server.private_ip} CHANGEME.chef.io\" >> ./hosts",
      "sudo cp ./hosts /etc/hosts"
    ]
  }
  provisioner "remote-exec" {
    inline = [
      "sudo automate-ctl setup --license /home/centos/chef_automate.license --key /home/centos/delivery.pem --server-url https://CHANGEME.chef.io/organizations/automate --fqdn CHANGEME-CHANGEME.COM --enterprise BallJoints --configure --no-build-node"
    ]
  }
}

# Generate pretty output format
data "template_file" "chef-server-creds" {
  template = "${file("${path.module}/files/chef-server-creds.tpl")}"
  vars {
    user   = "${var.chef_user["username"]}"
    pass   = "${base64sha256(aws_instance.chef-server.id)}"
    user_p = ".chef/${var.chef_user["username"]}.pem"
    fqdn   = "${aws_instance.chef-server.tags.Name}"
    org    = "${var.chef_org["short"]}"
  }
}
# Write generated template file
resource "local_file" "chef-server-creds" {
  content  = "${data.template_file.chef-server-creds.rendered}"
  filename = ".chef/chef-server.creds"
}