├── .gitignore ├── outputs.tf ├── provider.tf ├── dns.tf ├── init.sh ├── set_access_control.sh ├── files ├── userdata_srv.template └── userdata_hst.template ├── terraform.tfvars.example ├── vars.tf ├── alb.tf ├── rds.tf ├── vpc.tf ├── hosts.tf ├── server.tf └── README.md /.gitignore: -------------------------------------------------------------------------------- 1 | ._* 2 | init.sh 3 | .terraform* 4 | terraform.tfvars 5 | terraform.tfstate 6 | terraform.tfstate.backup 7 | -------------------------------------------------------------------------------- /outputs.tf: -------------------------------------------------------------------------------- 1 | ## Outputs for reference 2 | 3 | output "The Rancher Server URL is" { 4 | value = "http://${var.env_name}.${var.dns_zone}:8080" 5 | } 6 | -------------------------------------------------------------------------------- /provider.tf: -------------------------------------------------------------------------------- 1 | ## AWS details 2 | 3 | provider "aws" { 4 | access_key = "${var.aws_access_key}" 5 | secret_key = "${var.aws_secret_key}" 6 | region = "${var.aws_region}" 7 | } 8 | -------------------------------------------------------------------------------- /dns.tf: -------------------------------------------------------------------------------- 1 | ## Route53 DNS 2 | 3 | # DNS zone 4 | 5 | data "aws_route53_zone" "selected" { 6 | name = "${var.dns_zone}" 7 | private_zone = false 8 | } 9 | 10 | # R53 alias record 11 | 12 | resource "aws_route53_record" "rancher" { 13 | zone_id = "${data.aws_route53_zone.selected.zone_id}" 14 | name = "${var.env_name}.${data.aws_route53_zone.selected.name}" 15 | type = "A" 16 | 17 | alias { 18 | name = "${aws_alb.rancher.dns_name}" 19 | zone_id = "${aws_alb.rancher.zone_id}" 20 | evaluate_target_health = true 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /init.sh: 
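--------------------------------------------------------------------------------
#!/bin/bash
#
# init.sh - point this checkout's Terraform state at an S3 bucket.
#
# Usage: ./init.sh [-i]
#   -i  carry on even when .terraform/terraform.tfstate already exists
#       (exporting a non-empty IGNORE_INIT has the same effect)
#
# NOTE(review): Terraform state keeps resource arguments in clear text, so the
# object written to the bucket will hold values such as db_password. Keep the
# bucket private and consider the S3 backend's `encrypt=true` setting.
# NOTE(review): `terraform remote config` only exists in Terraform releases
# before 0.9; later releases declare the backend in a `terraform { backend }`
# block and run `terraform init` instead.

# Options belong in `set`, not the shebang: `bash init.sh` would ignore a
# shebang `-e`.
set -euo pipefail

PROJECT="$(basename "$(pwd)")"
BUCKET="existing-s3-bucket"
REGION="eu-west-1"
# May already be set by the caller's environment; -i sets it as well.
IGNORE_INIT="${IGNORE_INIT:-}"

#######################################
# Configure the S3 remote state for this project.
# Globals:   PROJECT, BUCKET, REGION, IGNORE_INIT (all read)
# Outputs:   a notice on stdout when local remote-state config already exists
# Returns:   exits 1 if state already exists and IGNORE_INIT is empty
#######################################
init() {
  # The state file can only exist when .terraform/ does, so one test suffices.
  if [[ -e .terraform/terraform.tfstate ]]; then
    echo "Remote state already exists!"
    if [[ -z "${IGNORE_INIT}" ]]; then
      exit 1
    fi
  fi

  terraform remote config \
    -backend=s3 \
    -backend-config="bucket=${BUCKET}" \
    -backend-config="key=${PROJECT}/terraform.tfstate" \
    -backend-config="region=${REGION}"
}

while getopts "i" opt; do
  case "$opt" in
    i)
      IGNORE_INIT="true"
      ;;
    *)
      # getopts has already printed the offending option.
      echo "Usage: ${0##*/} [-i]" >&2
      exit 2
      ;;
  esac
done

shift $((OPTIND - 1))

init
--------------------------------------------------------------------------------
/set_access_control.sh:
--------------------------------------------------------------------------------
#!/bin/bash
#
# set_access_control.sh - wait for the Rancher API to answer, then enable
# local authentication with the given administrator account.
#
# Usage: ./set_access_control.sh NAME PASSWORD USERNAME BASE_URL
#   $1  value for the "name" field of the localAuthConfig request
#   $2  value for the "password" field
#   $3  value for the "username" field
#   $4  base URL of the Rancher server; "/v2-beta/localauthconfig" is appended
#
# Exit status: 0 on success, 1 if Rancher never answered or the POST failed,
#              2 on wrong usage.
#
# NOTE(review): the password is a command-line argument of this script, so it
# is visible in the process list of the machine that runs it. The request body
# is fed to curl on stdin so that at least curl's own argv does not repeat it.
# NOTE(review): if BASE_URL is an http:// URL the credentials cross the network
# unencrypted; put TLS in front of Rancher before using this outside a lab.

set -u

readonly MAX_ATTEMPTS=2000

if (($# != 4)); then
  echo "Usage: ${0##*/} NAME PASSWORD USERNAME BASE_URL" >&2
  exit 2
fi

readonly ENDPOINT="$4/v2-beta/localauthconfig"

#######################################
# Escape a string for use inside a JSON double-quoted value, so that a quote
# or backslash in a name or password cannot terminate the value and add or
# override fields in the request.
# Arguments: $1 - raw string
# Outputs:   escaped string on stdout (no trailing newline)
# Note:      control characters other than \b \f \n \r \t are passed through.
#######################################
json_escape() {
  local s=$1
  s=${s//\\/\\\\} # backslash first, so later escapes are not doubled
  s=${s//\"/\\\"}
  s=${s//$'\b'/\\b}
  s=${s//$'\f'/\\f}
  s=${s//$'\n'/\\n}
  s=${s//$'\r'/\\r}
  s=${s//$'\t'/\\t}
  printf '%s' "$s"
}

ATTEMPTS=0
echo "Waiting for rancher..."
until curl --fail -s -X GET -H "Accept: application/json" "${ENDPOINT}"; do
  if ((ATTEMPTS >= MAX_ATTEMPTS)); then
    # A bare `exit` here would return 0 and report the timeout as success.
    echo "Rancher did not answer after ${MAX_ATTEMPTS} attempts, giving up." >&2
    exit 1
  fi
  ATTEMPTS=$((ATTEMPTS + 1))
  echo "Rancher not yet up, retrying..."
  sleep 1
done

printf '\nSetting rancher access control.\n'
# --fail makes an HTTP error status a non-zero exit, so "done." is only
# printed when the server accepted the configuration.
if ! curl --fail -sS -X POST \
  -H "Content-Type: application/json" \
  -H "Accept: application/json" \
  --data-binary @- \
  "${ENDPOINT}" <<EOF
{
  "id": null,
  "type": "localAuthConfig",
  "baseType": "localAuthConfig",
  "accessMode": "unrestricted",
  "enabled": true,
  "name": "$(json_escape "$1")",
  "password": "$(json_escape "$2")",
  "username": "$(json_escape "$3")"
}
EOF
then
  echo "Failed to set rancher access control." >&2
  exit 1
fi
echo "done."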
-------------------------------------------------------------------------------- /files/userdata_srv.template: -------------------------------------------------------------------------------- 1 | #cloud-config 2 | write_files: 3 | - path: /opt/rancher/bin/start.sh 4 | permissions: "0770" 5 | content: | 6 | #!/bin/sh 7 | cat > /opt/rancher/bin/kickoff.sh << EOF 8 | #!/bin/bash 9 | while ! docker version >/dev/null 2>&1; do echo 'waiting for docker...'; sleep 2; done 10 | while ! ping -c 1 8.8.8.8 >/dev/null 2>&1; do echo 'waiting for net...'; sleep 2; done 11 | 12 | sleep 5 13 | docker run -d --restart=unless-stopped -p 8080:8080 rancher/server:v1.5.3 --db-port 3306 --db-host ${database_address} --db-name ${database_name} --db-user ${database_username} --db-pass ${database_password} 14 | EOF 15 | sudo chmod +x /opt/rancher/bin/kickoff.sh 16 | sudo sh /opt/rancher/bin/kickoff.sh & 17 | -------------------------------------------------------------------------------- /files/userdata_hst.template: -------------------------------------------------------------------------------- 1 | #cloud-config 2 | write_files: 3 | - path: /opt/rancher/bin/start.sh 4 | permissions: "0770" 5 | content: | 6 | #!/bin/sh 7 | cat > /opt/rancher/bin/kickoff.sh << EOF 8 | #!/bin/bash 9 | while ! docker version >/dev/null 2>&1; do echo 'waiting for docker...'; sleep 2; done 10 | while ! 
ping -c 1 8.8.8.8 >/dev/null 2>&1; do echo 'waiting for net...'; sleep 2; done 11 | 12 | sleep 5 13 | docker run -e CATTLE_HOST_LABELS='Name=rancher_hst' -d --privileged -v /var/run/docker.sock:/var/run/docker.sock -v /var/lib/rancher:/var/lib/rancher rancher/agent:v1.2.1 http://"${env_name}.${dns_zone}":8080/v1/scripts/"${reg_token}" 14 | EOF 15 | sudo chmod +x /opt/rancher/bin/kickoff.sh 16 | sudo sh /opt/rancher/bin/kickoff.sh & 17 | -------------------------------------------------------------------------------- /terraform.tfvars.example: -------------------------------------------------------------------------------- 1 | aws_access_key = "your_aws_access_key" 2 | aws_secret_key = "your_aws_secret_key" 3 | aws_region = "aws_region_to_use" 4 | key_name = "an_existing_aws_ec2_keypair_for_the_region" 5 | 6 | cidr_prefix = "two_block_cidr_prefix_for_the_vpc_such_as_10.20" 7 | 8 | my_ip = "your_external_ip_for_srv_security_group_ssh_testing" 9 | 10 | dns_zone = "existing_route_53_hosted_zone_such_as_mydomain.com" 11 | env_name = "environment_identifier_for_deployed_resources_and_the_dns_zone_sub_domain" 12 | 13 | db_name = "name_for_the_rancher_db" 14 | db_username = "alphanumeric_db_username" 15 | db_password = "db_password" 16 | db_class = "db_class_such_as_db.t2.micro" 17 | db_storage = "amount_for_gb_of_db_storage" 18 | db_backup_retention = "amount_of_days_to_keep_db_backups" 19 | db_multi_az = "true_or_false_for_multi_or_single_az" 20 | db_final_snapshot = "true_or_false_for_yes_or_no_to_skip_final_snapshot" 21 | 22 | srv_size = "rancher_server_instance_size_such_as_t2.medium" 23 | 24 | hst_size = "rancher_host_instance_size_such_as_t2.small" 25 | hst_max = "max_size_for_the_autoscaling_group" 26 | hst_min = "min_size_for_the_autoscaling_group" 27 | hst_des = "desired_size_for_the_autoscaling_group" 28 | reg_token = "rancher_hosts_registration_token" 29 | 30 | rancher_admin_name = "your_name" 31 | rancher_admin_username = "an_administrator_username" 32 | 
rancher_admin_password = "rancher_admin_password" 33 | -------------------------------------------------------------------------------- /vars.tf: -------------------------------------------------------------------------------- 1 | ## Variables 2 | 3 | variable "aws_access_key" {} 4 | variable "aws_secret_key" {} 5 | 6 | variable "aws_region" { 7 | default = "eu-west-1" 8 | } 9 | 10 | variable "key_name" {} 11 | 12 | variable "cidr_prefix" { 13 | default = "10.10" 14 | } 15 | 16 | variable "my_ip" {} 17 | 18 | variable "dns_zone" {} 19 | 20 | variable "ami_type" { 21 | type = "map" 22 | 23 | default = { 24 | eu-west-1 = "ami-481e232e" 25 | eu-west-2 = "ami-51776335" 26 | eu-central-1 = "ami-a71ecfc8" 27 | } 28 | } 29 | 30 | variable "env_name" { 31 | default = "rancher" 32 | } 33 | 34 | variable "srv_size" { 35 | default = "t2.medium" 36 | } 37 | 38 | variable "hst_size" { 39 | default = "t2.small" 40 | } 41 | 42 | variable "hst_max" { 43 | default = "0" 44 | } 45 | 46 | variable "hst_min" { 47 | default = "0" 48 | } 49 | 50 | variable "hst_des" { 51 | default = "0" 52 | } 53 | 54 | variable "reg_token" { 55 | default = "123567890abcde.edcba0987654321.1234567890abcde" 56 | } 57 | 58 | variable "db_name" {} 59 | variable "db_username" {} 60 | variable "db_password" {} 61 | variable "db_class" {} 62 | variable "db_storage" {} 63 | variable "db_backup_retention" {} 64 | variable "db_multi_az" {} 65 | 66 | variable "db_final_snapshot" { 67 | default = "true" 68 | } 69 | 70 | variable "rancher_admin_name" {} 71 | variable "rancher_admin_username" {} 72 | variable "rancher_admin_password" {} 73 | -------------------------------------------------------------------------------- /alb.tf: -------------------------------------------------------------------------------- 1 | ## Application load balancer + listener + target group + security group 2 | 3 | # ALB security group 4 | 5 | resource "aws_security_group" "rancher_alb" { 6 | name = "${var.env_name}-rancher-alb" 7 | vpc_id 
= "${aws_vpc.rancher.id}" 8 | description = "Rancher application load balancer group" 9 | 10 | ingress { 11 | from_port = 8080 12 | to_port = 8080 13 | protocol = "tcp" 14 | cidr_blocks = ["0.0.0.0/0"] 15 | } 16 | 17 | egress { 18 | from_port = 0 19 | to_port = 0 20 | protocol = "-1" 21 | cidr_blocks = ["0.0.0.0/0"] 22 | } 23 | 24 | tags { 25 | Name = "${var.env_name}-rancher-alb" 26 | } 27 | } 28 | 29 | # ALB 30 | 31 | resource "aws_alb" "rancher" { 32 | name = "${var.env_name}-rancher" 33 | internal = false 34 | security_groups = ["${aws_security_group.rancher_alb.id}"] 35 | subnets = ["${aws_subnet.pub_a.id}", "${aws_subnet.pub_b.id}"] 36 | 37 | enable_deletion_protection = false 38 | 39 | tags { 40 | Name = "${var.env_name}-rancher" 41 | } 42 | } 43 | 44 | # ALB listener 45 | 46 | resource "aws_alb_listener" "rancher" { 47 | load_balancer_arn = "${aws_alb.rancher.id}" 48 | port = "8080" 49 | protocol = "HTTP" 50 | 51 | default_action { 52 | target_group_arn = "${aws_alb_target_group.rancher.id}" 53 | type = "forward" 54 | } 55 | } 56 | 57 | # ALB target group 58 | 59 | resource "aws_alb_target_group" "rancher" { 60 | name = "${var.env_name}-rancher" 61 | port = 8080 62 | protocol = "HTTP" 63 | vpc_id = "${aws_vpc.rancher.id}" 64 | 65 | health_check { 66 | path = "/ping" 67 | } 68 | 69 | tags { 70 | Name = "${var.env_name}-rancher" 71 | } 72 | } 73 | -------------------------------------------------------------------------------- /rds.tf: -------------------------------------------------------------------------------- 1 | ## RDS Database + subnet group + security group 2 | 3 | # RDS security group 4 | 5 | resource "aws_security_group" "rancher_db" { 6 | name = "${var.env_name}-rancher-db" 7 | vpc_id = "${aws_vpc.rancher.id}" 8 | description = "Rancher database group" 9 | 10 | ingress { 11 | from_port = 3306 12 | to_port = 3306 13 | protocol = "tcp" 14 | security_groups = ["${aws_security_group.rancher_srv.id}"] 15 | } 16 | 17 | egress { 18 | from_port = 0 19 | 
to_port = 0 20 | protocol = "-1" 21 | cidr_blocks = ["0.0.0.0/0"] 22 | } 23 | 24 | tags { 25 | Name = "${var.env_name}-rancher-db" 26 | } 27 | } 28 | 29 | # RDS subnet group 30 | 31 | resource "aws_db_subnet_group" "rancher" { 32 | name = "${var.env_name}-rancher" 33 | subnet_ids = ["${aws_subnet.priv_a.id}", "${aws_subnet.priv_b.id}"] 34 | 35 | tags { 36 | Name = "${var.env_name}-rancher" 37 | } 38 | } 39 | 40 | # RDS instance 41 | 42 | resource "aws_db_instance" "rancher" { 43 | engine = "mysql" 44 | storage_type = "gp2" 45 | instance_class = "${var.db_class}" 46 | name = "${var.db_name}" 47 | username = "${var.db_username}" 48 | password = "${var.db_password}" 49 | allocated_storage = "${var.db_storage}" 50 | backup_retention_period = "${var.db_backup_retention}" 51 | multi_az = "${var.db_multi_az}" 52 | identifier = "${var.env_name}-rancher" 53 | db_subnet_group_name = "${aws_db_subnet_group.rancher.name}" 54 | vpc_security_group_ids = ["${aws_security_group.rancher_db.id}"] 55 | final_snapshot_identifier = "${var.env_name}-snapshot" 56 | skip_final_snapshot = "${var.db_final_snapshot}" 57 | } 58 | -------------------------------------------------------------------------------- /vpc.tf: -------------------------------------------------------------------------------- 1 | ## VPC + subnets + IGW 2 | 3 | resource "aws_vpc" "rancher" { 4 | cidr_block = "${var.cidr_prefix}.0.0/16" 5 | enable_dns_support = "true" 6 | enable_dns_hostnames = "true" 7 | 8 | tags { 9 | Name = "${var.env_name}-rancher" 10 | } 11 | } 12 | 13 | # Public subnets 14 | 15 | resource "aws_subnet" "pub_a" { 16 | vpc_id = "${aws_vpc.rancher.id}" 17 | cidr_block = "${var.cidr_prefix}.1.0/24" 18 | availability_zone = "${var.aws_region}a" 19 | 20 | tags { 21 | Name = "${var.env_name}-pub-a" 22 | } 23 | } 24 | 25 | resource "aws_subnet" "pub_b" { 26 | vpc_id = "${aws_vpc.rancher.id}" 27 | cidr_block = "${var.cidr_prefix}.2.0/24" 28 | availability_zone = "${var.aws_region}b" 29 | 30 | tags { 31 | Name 
= "${var.env_name}-pub-b" 32 | } 33 | } 34 | 35 | # Private subnets 36 | 37 | resource "aws_subnet" "priv_a" { 38 | vpc_id = "${aws_vpc.rancher.id}" 39 | cidr_block = "${var.cidr_prefix}.3.0/24" 40 | availability_zone = "${var.aws_region}a" 41 | 42 | tags { 43 | Name = "${var.env_name}-priv-a" 44 | } 45 | } 46 | 47 | resource "aws_subnet" "priv_b" { 48 | vpc_id = "${aws_vpc.rancher.id}" 49 | cidr_block = "${var.cidr_prefix}.4.0/24" 50 | availability_zone = "${var.aws_region}b" 51 | 52 | tags { 53 | Name = "${var.env_name}-priv-b" 54 | } 55 | } 56 | 57 | # Internet gateway + public route table 58 | 59 | resource "aws_internet_gateway" "igw" { 60 | vpc_id = "${aws_vpc.rancher.id}" 61 | 62 | tags { 63 | Name = "${var.env_name}-rancher" 64 | } 65 | } 66 | 67 | resource "aws_route_table" "rancher" { 68 | vpc_id = "${aws_vpc.rancher.id}" 69 | 70 | route { 71 | cidr_block = "0.0.0.0/0" 72 | gateway_id = "${aws_internet_gateway.igw.id}" 73 | } 74 | 75 | tags { 76 | Name = "${var.env_name}-rancher" 77 | } 78 | } 79 | 80 | # Route table associations 81 | 82 | resource "aws_route_table_association" "pub_a" { 83 | subnet_id = "${aws_subnet.pub_a.id}" 84 | route_table_id = "${aws_route_table.rancher.id}" 85 | } 86 | 87 | resource "aws_route_table_association" "pub_b" { 88 | subnet_id = "${aws_subnet.pub_b.id}" 89 | route_table_id = "${aws_route_table.rancher.id}" 90 | } 91 | -------------------------------------------------------------------------------- /hosts.tf: -------------------------------------------------------------------------------- 1 | ## Rancher hosts + launch config + autoscaling group + security group 2 | 3 | # Hosts security group 4 | 5 | resource "aws_security_group" "rancher_hst" { 6 | name = "${var.env_name}-rancher-hst" 7 | vpc_id = "${aws_vpc.rancher.id}" 8 | description = "Rancher hosts group" 9 | 10 | ingress { 11 | from_port = 500 12 | to_port = 500 13 | protocol = "udp" 14 | cidr_blocks = ["0.0.0.0/0"] 15 | } 16 | 17 | ingress { 18 | from_port = 4500 
19 | to_port = 4500 20 | protocol = "udp" 21 | cidr_blocks = ["0.0.0.0/0"] 22 | } 23 | 24 | ingress { 25 | from_port = 22 26 | to_port = 22 27 | protocol = "tcp" 28 | cidr_blocks = ["0.0.0.0/0"] 29 | } 30 | 31 | egress { 32 | from_port = 0 33 | to_port = 0 34 | protocol = "-1" 35 | cidr_blocks = ["0.0.0.0/0"] 36 | } 37 | 38 | tags { 39 | Name = "${var.env_name}-rancher-hst" 40 | } 41 | } 42 | 43 | # User-data template 44 | data "template_file" "userdata_hst" { 45 | template = "${file("./files/userdata_hst.template")}" 46 | 47 | vars { 48 | # HostsReg 49 | env_name = "${var.env_name}" 50 | dns_zone = "${var.dns_zone}" 51 | reg_token = "${var.reg_token}" 52 | } 53 | } 54 | 55 | # Hosts launch configuration 56 | 57 | resource "aws_launch_configuration" "rancher_hst" { 58 | image_id = "${lookup(var.ami_type, var.aws_region)}" 59 | instance_type = "${var.hst_size}" 60 | key_name = "${var.key_name}" 61 | security_groups = ["${aws_security_group.rancher_hst.id}"] 62 | associate_public_ip_address = true 63 | 64 | lifecycle { 65 | create_before_destroy = true 66 | } 67 | 68 | user_data = "${data.template_file.userdata_hst.rendered}" 69 | } 70 | 71 | # Hosts autoscaling group 72 | 73 | resource "aws_autoscaling_group" "rancher_hst" { 74 | name = "${var.env_name}-rancher-hst" 75 | availability_zones = ["${var.aws_region}a", "${var.aws_region}b"] 76 | launch_configuration = "${aws_launch_configuration.rancher_hst.name}" 77 | health_check_grace_period = 500 78 | health_check_type = "EC2" 79 | max_size = "${var.hst_max}" 80 | min_size = "${var.hst_min}" 81 | desired_capacity = "${var.hst_des}" 82 | vpc_zone_identifier = ["${aws_subnet.pub_a.id}", "${aws_subnet.pub_b.id}"] 83 | 84 | tag { 85 | key = "Name" 86 | value = "${var.env_name}-rancher-hst" 87 | propagate_at_launch = true 88 | } 89 | 90 | lifecycle { 91 | create_before_destroy = true 92 | } 93 | } 94 | -------------------------------------------------------------------------------- /server.tf: 
-------------------------------------------------------------------------------- 1 | ## Rancher server + launch config + autoscaling group + security group 2 | 3 | # Server security group 4 | 5 | resource "aws_security_group" "rancher_srv" { 6 | name = "${var.env_name}-rancher-srv" 7 | vpc_id = "${aws_vpc.rancher.id}" 8 | description = "Rancher server group" 9 | 10 | ingress { 11 | from_port = 8080 12 | to_port = 8080 13 | protocol = "tcp" 14 | security_groups = ["${aws_security_group.rancher_alb.id}"] 15 | } 16 | 17 | ingress { 18 | from_port = 22 19 | to_port = 22 20 | protocol = "tcp" 21 | cidr_blocks = ["${var.my_ip}/32"] 22 | } 23 | 24 | egress { 25 | from_port = 0 26 | to_port = 0 27 | protocol = "-1" 28 | cidr_blocks = ["0.0.0.0/0"] 29 | } 30 | 31 | tags { 32 | Name = "${var.env_name}-rancher-srv" 33 | } 34 | } 35 | 36 | # User-data template 37 | 38 | data "template_file" "userdata_srv" { 39 | template = "${file("./files/userdata_srv.template")}" 40 | 41 | vars { 42 | # Database 43 | database_address = "${aws_db_instance.rancher.address}" 44 | database_name = "${var.db_name}" 45 | database_username = "${var.db_username}" 46 | database_password = "${var.db_password}" 47 | } 48 | } 49 | 50 | # Server launch configuration 51 | 52 | resource "aws_launch_configuration" "rancher_srv" { 53 | image_id = "${lookup(var.ami_type, var.aws_region)}" 54 | instance_type = "${var.srv_size}" 55 | key_name = "${var.key_name}" 56 | security_groups = ["${aws_security_group.rancher_srv.id}"] 57 | associate_public_ip_address = true 58 | user_data = "${data.template_file.userdata_srv.rendered}" 59 | } 60 | 61 | # Server auto scaling group 62 | 63 | resource "aws_autoscaling_group" "rancher_srv" { 64 | name = "${var.env_name}-rancher-srv" 65 | availability_zones = ["${var.aws_region}a", "${var.aws_region}b"] 66 | launch_configuration = "${aws_launch_configuration.rancher_srv.name}" 67 | health_check_grace_period = 500 68 | health_check_type = "EC2" 69 | max_size = 1 70 | min_size = 
1 71 | desired_capacity = 1 72 | vpc_zone_identifier = ["${aws_subnet.pub_a.id}", "${aws_subnet.pub_b.id}"] 73 | target_group_arns = ["${aws_alb_target_group.rancher.id}"] 74 | 75 | tag { 76 | key = "Name" 77 | value = "${var.env_name}-rancher-srv" 78 | propagate_at_launch = true 79 | } 80 | 81 | provisioner "local-exec" { 82 | command = "./set_access_control.sh \"${var.rancher_admin_name}\" \"${var.rancher_admin_password}\" \"${var.rancher_admin_username}\" \"http://${var.env_name}.${data.aws_route53_zone.selected.name}:8080\"" 83 | } 84 | } 85 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Single Node HA for Rancher Server in AWS 2 | 3 | This repo contains Terraform code and supporting scripts to deploy single node HA Rancher server and Rancher hosts in AWS. 4 | 5 | The Terraform plan is designed to be applied in two stages. It will build out and deploy the following resources. 6 | 7 | * x1 VPC + IGW 8 | * x2 Public subnets 9 | * x2 Private subnets 10 | * RDS DB subnet group 11 | * Single-AZ or Multi-AZ RDS MySQL DB instance 12 | * Application load balancer + listener + target group 13 | * Launch configuration + fixed Multi-AZ auto-scaling group of x1 instance for the Rancher server 14 | * Launch configuration + fixed Multi-AZ auto-scaling group of a specified instance amount for the Rancher hosts 15 | * RancherOS instance with active Docker running a password protected deployment of the latest version of Rancher server 16 | * RancherOS instances with active Docker running the latest version of the Rancher host agent 17 | * Route 53 DNS alias record for the ALB 18 | 19 | The estimated deployment time from start to finish is 20-30 minutes. 
20 | 21 | ### Prerequisites 22 | 23 | * AWS account 24 | * AWS IAM user account with AWS access/secret keys and permission to create specified resources 25 | * Cygwin (or similar) installed to enable running of .sh scripts if using Windows 26 | * Git installed and configured 27 | * Terraform installed and configured 28 | 29 | ### How to use the Terraform plan to deploy Rancher server and Rancher hosts 30 | 31 | #### Version advisories 32 | 33 | * RancherOS v0.9.1 34 | * Rancher server v1.5.3 35 | * Rancher agent v1.2.1 36 | 37 | #### Stage One 38 | 39 | * Clone the repo 40 | * Create an EC2 keypair in AWS 41 | * Create an S3 bucket to hold remote state 42 | * Update `init.sh` with the S3 bucket name 43 | * Run `init.sh` to initialise remote state 44 | * Create `terraform.tfvars` in the root of the cloned folder (see `terraform.tfvars.example`) 45 | * Set `hst_max`, `hst_min` and `hst_des` in `terraform.tfvars` to zero (0) 46 | * Make up a temporary reg_token in `terraform.tfvars` 47 | * Run `terraform plan` from the root of the folder 48 | * Run `terraform apply` from the root of the folder 49 | * Wait until the installation has completed 50 | * Access Rancher server at the displayed output URL 51 | * Log in with the name and password specified in the `terraform.tfvars` file 52 | 53 | #### Stage Two 54 | * Enable hosts registration from within Rancher and copy the token from the registration string. 
The token will be in the format similar to `6C8B0D1B2E95DD1AA07A:1483142400000:PKQGzShMCv3wtD02DvlU4MkBY0` 55 | * Update `reg_token` in `terraform.tfvars` with the registration token 56 | * Update `hst_max`, `hst_min` and `hst_des` in `terraform.tfvars` with the max, min and desired amount of host instances 57 | * Re-run `terraform plan` 58 | * Re-run `terraform apply` 59 | * The launch configuration will be replaced with a new version and applied to the auto scaling group 60 | * The specified amount of host instances will launch and register with the Rancher server 61 | 62 | #### How to remove 63 | * To remove all deployed resources run `terraform destroy` 64 | 65 | ### Supplemental 66 | * [Container Clustering with Rancher Server (Part 5) – Automating the deployment of AWS infrastructure and Rancher with Terraform](https://skeltonthatcher.com/blog/container-clustering-rancher-server-part-5-automating-deployment-aws-infrastructure-rancher-terraform/) 67 | 68 | ### Licence 69 | 70 | Copyright (c) 2017 Skelton Thatcher Consulting Ltd. 71 | 72 | Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at 73 | 74 | http://www.apache.org/licenses/LICENSE-2.0 75 | 76 | Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. 77 | 78 | ### Acknowledgments 79 | 80 | * Based on works produced by [George Cairns](https://www.linkedin.com/in/george-cairns-9624b621/) from [Automation Logic](http://www.automationlogic.com/) 81 | --------------------------------------------------------------------------------