[CC-3032] EC2 client start up patches (#83)

* EC2 client connection debugging

* Run make

* Add ssh_key param

* Bump to 0.10.0

* Make ssh_keyname required, move intentions to module/ec2-demo-app

* Nit: fix output spacing

Author: Joshua Timmons

examples/hcp-ec2-demo/main.tf

@@ -26,7 +26,7 @@ resource "hcp_hvn" "main" {
 
 module "aws_hcp_consul" {
   source  = "hashicorp/hcp-consul/aws"
-  version = "~> 0.9.4"
+  version = "~> 0.10.0"
 
   hvn             = hcp_hvn.main
   vpc_id          = module.vpc.vpc_id
@@ -51,23 +51,19 @@ resource "tls_private_key" "ssh" {
 }
 
 resource "aws_key_pair" "hcp_ec2" {
-  count = var.ssh ? 1 : 0
-
   public_key = tls_private_key.ssh.public_key_openssh
   key_name   = "hcp-ec2-key-${var.cluster_id}"
 }
 
 resource "local_file" "ssh_key" {
-  count = var.ssh ? 1 : 0
-
   content         = tls_private_key.ssh.private_key_pem
   file_permission = "400"
-  filename        = "${path.module}/${aws_key_pair.hcp_ec2[0].key_name}.pem"
+  filename        = "${path.module}/${aws_key_pair.hcp_ec2.key_name}.pem"
 }
 
 module "aws_ec2_consul_client" {
   source  = "hashicorp/hcp-consul/aws//modules/hcp-ec2-client"
-  version = "~> 0.9.4"
+  version = "~> 0.10.0"
 
   allowed_http_cidr_blocks = ["0.0.0.0/0"]
   allowed_ssh_cidr_blocks  = ["0.0.0.0/0"]
@@ -78,8 +74,20 @@ module "aws_ec2_consul_client" {
   install_demo_app         = var.install_demo_app
   root_token               = hcp_consul_cluster_root_token.token.secret_id
   security_group_id        = module.aws_hcp_consul.security_group_id
-  ssh_keyname              = var.ssh ? aws_key_pair.hcp_ec2[0].key_name : ""
+  ssh_key                  = tls_private_key.ssh.private_key_pem
+  ssh_keyname              = aws_key_pair.hcp_ec2.key_name
   ssm                      = var.ssm
   subnet_id                = module.vpc.public_subnets[0]
   vpc_id                   = module.vpc.vpc_id
 }
+
+module "hashicups" {
+  count = var.install_demo_app ? 1 : 0
+
+  source  = "hashicorp/hcp-consul/aws/modules/ec2-demo-app"
+  version = "~> 0.10.0"
+
+  depends_on = [
+    module.aws_ec2_consul_client
+  ]
+}

examples/hcp-ec2-demo/output.tf

@@ -20,22 +20,22 @@ output "hashicups_url" {
 }
 
 output "next_steps" {
-  value = var.install_demo_app ? "HashiCups Application will be ready in ~2 minutes. Use 'terraform output consul_root_token' to retrieve the root token." : null
+  value = var.install_demo_app ? "HashiCups Application will be ready in ~2 minutes. Use 'terraform output -raw consul_root_token' to retrieve the root token." : null
 }
 
 output "howto_connect" {
   value = <<EOF
   ${var.install_demo_app ? "The demo app, HashiCups, is installed on a Nomad server we have deployed for you." : ""}
   ${var.install_demo_app ? "To access Nomad using your local client run the following command:" : ""}
-  ${var.install_demo_app ? "export NOMAD_HTTP_AUTH=nomad:$(terraform output consul_root_token)" : ""}
+  ${var.install_demo_app ? "export NOMAD_HTTP_AUTH=nomad:$(terraform output -raw consul_root_token)" : ""}
   ${var.install_demo_app ? "export NOMAD_ADDR=http://${module.aws_ec2_consul_client.public_ip}:8081" : ""}
 
   To access Consul from your local client run:
   export CONSUL_HTTP_ADDR="${hcp_consul_cluster.main.consul_public_endpoint_url}"
   export CONSUL_HTTP_TOKEN=$(terraform output -raw consul_root_token)
   
-  To connect to the ec2 instance deployed: 
-${var.ssh ? "  - To access via SSH run: ssh -i ${abspath(local_file.ssh_key[0].filename)} ubuntu@${module.aws_ec2_consul_client.public_ip}" : ""}
-${var.ssm ? "  - To access via SSM run: aws ssm start-session --target ${module.aws_ec2_consul_client.host_id} --region ${var.vpc_region}" : ""}
+  To connect to the deployed EC2 instance: 
+  - via SSH run: ssh -i ${abspath(local_file.ssh_key.filename)} ubuntu@${module.aws_ec2_consul_client.public_ip}
+${var.ssm ? "  - via SSM run: aws ssm start-session --target ${module.aws_ec2_consul_client.host_id} --region ${var.vpc_region}" : ""}
   EOF
 }

examples/hcp-ec2-demo/providers.tf

@@ -25,3 +25,8 @@ provider "consul" {
   token      = hcp_consul_cluster_root_token.token.secret_id
 }
 
+provider "nomad" {
+  address   = "http://${module.aws_ec2_consul_client.public_ip}:8081"
+  http_auth = "nomad:${hcp_consul_cluster_root_token.token.secret_id}"
+}
+

examples/hcp-ec2-demo/variables.tf

@@ -34,12 +34,6 @@ variable "tier" {
   default     = "development"
 }
 
-variable "ssh" {
-  type        = bool
-  description = "Enable or disable SSH access via locally created certificate"
-  default     = true
-}
-
 variable "ssm" {
   type        = bool
   description = "Whether to enable SSM on the EC2 host"

examples/hcp-ecs-demo/main.tf

@@ -28,7 +28,7 @@ resource "hcp_hvn" "main" {
 
 module "aws_hcp_consul" {
   source  = "hashicorp/hcp-consul/aws"
-  version = "~> 0.9.4"
+  version = "~> 0.10.0"
 
   hvn             = hcp_hvn.main
   vpc_id          = module.vpc.vpc_id
@@ -49,7 +49,7 @@ resource "hcp_consul_cluster_root_token" "token" {
 
 module "aws_ecs_cluster" {
   source  = "hashicorp/hcp-consul/aws//modules/hcp-ecs-client"
-  version = "~> 0.9.4"
+  version = "~> 0.10.0"
 
   allowed_http_cidr_blocks = ["0.0.0.0/0"]
   allowed_ssh_cidr_blocks  = ["0.0.0.0/0"]

examples/hcp-ecs-demo/output.tf

@@ -16,5 +16,5 @@ output "hashicups_url" {
 }
 
 output "next_steps" {
-  value = "HashiCups Application will be ready in ~2 minutes. Use 'terraform output consul_root_token' to retrieve the root token."
+  value = "HashiCups Application will be ready in ~2 minutes. Use 'terraform output -raw consul_root_token' to retrieve the root token."
 }

examples/hcp-eks-demo/main.tf

@@ -65,7 +65,7 @@ resource "hcp_hvn" "main" {
 # Note: Uncomment the below module to setup peering for connecting to a private HCP Consul cluster
 # module "aws_hcp_consul" {
 #   source  = "hashicorp/hcp-consul/aws"
-#   version = "~> 0.9.4"
+#   version = "~> 0.10.0"
 #
 #   hvn                = hcp_hvn.main
 #   vpc_id             = module.vpc.vpc_id
@@ -88,7 +88,7 @@ resource "hcp_consul_cluster_root_token" "token" {
 
 module "eks_consul_client" {
   source  = "hashicorp/hcp-consul/aws//modules/hcp-eks-client"
-  version = "~> 0.9.4"
+  version = "~> 0.10.0"
 
   boostrap_acl_token = hcp_consul_cluster_root_token.token.secret_id
   cluster_id         = hcp_consul_cluster.main.cluster_id
@@ -107,7 +107,7 @@ module "eks_consul_client" {
 module "demo_app" {
   count   = var.install_demo_app ? 1 : 0
   source  = "hashicorp/hcp-consul/aws//modules/k8s-demo-app"
-  version = "~> 0.9.4"
+  version = "~> 0.10.0"
 
   depends_on = [module.eks_consul_client]
 }

examples/hcp-eks-demo/output.tf

@@ -24,7 +24,7 @@ output "hashicups_url" {
 }
 
 output "next_steps" {
-  value = "HashiCups Application will be ready in ~2 minutes. Use 'terraform output consul_root_token' to retrieve the root token."
+  value = "HashiCups Application will be ready in ~2 minutes. Use 'terraform output -raw consul_root_token' to retrieve the root token."
 }
 
 output "howto_connect" {

hcp-ui-templates/ec2-existing-vpc/main.tf

@@ -7,7 +7,6 @@ locals {
   vpc_id                = "{{ .VPCID }}"
   public_route_table_id = "{{ .PublicRouteTableID }}"
   public_subnet1        = "{{ .PublicSubnet1 }}"
-  ssh                   = true
   ssm                   = true
 }
 
@@ -35,6 +34,11 @@ provider "consul" {
   token      = hcp_consul_cluster_root_token.token.secret_id
 }
 
+provider "nomad" {
+  address   = "http://${module.aws_ec2_consul_client.public_ip}:8081"
+  http_auth = "nomad:${hcp_consul_cluster_root_token.token.secret_id}"
+}
+
 
 resource "hcp_hvn" "main" {
   hvn_id         = local.hvn_id
@@ -45,7 +49,7 @@ resource "hcp_hvn" "main" {
 
 module "aws_hcp_consul" {
   source  = "hashicorp/hcp-consul/aws"
-  version = "~> 0.9.4"
+  version = "~> 0.10.0"
 
   hvn             = hcp_hvn.main
   vpc_id          = local.vpc_id
@@ -70,23 +74,19 @@ resource "tls_private_key" "ssh" {
 }
 
 resource "aws_key_pair" "hcp_ec2" {
-  count = local.ssh ? 1 : 0
-
   public_key = tls_private_key.ssh.public_key_openssh
   key_name   = "hcp-ec2-key-${local.cluster_id}"
 }
 
 resource "local_file" "ssh_key" {
-  count = local.ssh ? 1 : 0
-
   content         = tls_private_key.ssh.private_key_pem
   file_permission = "400"
-  filename        = "${path.module}/${aws_key_pair.hcp_ec2[0].key_name}.pem"
+  filename        = "${path.module}/${aws_key_pair.hcp_ec2.key_name}.pem"
 }
 
 module "aws_ec2_consul_client" {
   source  = "hashicorp/hcp-consul/aws//modules/hcp-ec2-client"
-  version = "~> 0.9.4"
+  version = "~> 0.10.0"
 
   allowed_http_cidr_blocks = ["0.0.0.0/0"]
   allowed_ssh_cidr_blocks  = ["0.0.0.0/0"]
@@ -97,11 +97,23 @@ module "aws_ec2_consul_client" {
   install_demo_app         = local.install_demo_app
   root_token               = hcp_consul_cluster_root_token.token.secret_id
   security_group_id        = module.aws_hcp_consul.security_group_id
-  ssh_keyname              = local.ssh ? aws_key_pair.hcp_ec2[0].key_name : ""
+  ssh_key                  = tls_private_key.ssh.private_key_pem
+  ssh_keyname              = aws_key_pair.hcp_ec2.key_name
   ssm                      = local.ssm
   subnet_id                = local.public_subnet1
   vpc_id                   = local.vpc_id
 }
+
+module "hashicups" {
+  count = local.install_demo_app ? 1 : 0
+
+  source  = "hashicorp/hcp-consul/aws/modules/ec2-demo-app"
+  version = "~> 0.10.0"
+
+  depends_on = [
+    module.aws_ec2_consul_client
+  ]
+}
 output "consul_root_token" {
   value     = hcp_consul_cluster_root_token.token.secret_id
   sensitive = true
@@ -124,22 +136,22 @@ output "hashicups_url" {
 }
 
 output "next_steps" {
-  value = local.install_demo_app ? "HashiCups Application will be ready in ~2 minutes. Use 'terraform output consul_root_token' to retrieve the root token." : null
+  value = local.install_demo_app ? "HashiCups Application will be ready in ~2 minutes. Use 'terraform output -raw consul_root_token' to retrieve the root token." : null
 }
 
 output "howto_connect" {
   value = <<EOF
   ${local.install_demo_app ? "The demo app, HashiCups, is installed on a Nomad server we have deployed for you." : ""}
   ${local.install_demo_app ? "To access Nomad using your local client run the following command:" : ""}
-  ${local.install_demo_app ? "export NOMAD_HTTP_AUTH=nomad:$(terraform output consul_root_token)" : ""}
+  ${local.install_demo_app ? "export NOMAD_HTTP_AUTH=nomad:$(terraform output -raw consul_root_token)" : ""}
   ${local.install_demo_app ? "export NOMAD_ADDR=http://${module.aws_ec2_consul_client.public_ip}:8081" : ""}
 
   To access Consul from your local client run:
   export CONSUL_HTTP_ADDR="${hcp_consul_cluster.main.consul_public_endpoint_url}"
   export CONSUL_HTTP_TOKEN=$(terraform output -raw consul_root_token)
   
-  To connect to the ec2 instance deployed: 
-${local.ssh ? "  - To access via SSH run: ssh -i ${abspath(local_file.ssh_key[0].filename)} ubuntu@${module.aws_ec2_consul_client.public_ip}" : ""}
-${local.ssm ? "  - To access via SSM run: aws ssm start-session --target ${module.aws_ec2_consul_client.host_id} --region ${local.vpc_region}" : ""}
+  To connect to the deployed EC2 instance: 
+  - via SSH run: ssh -i ${abspath(local_file.ssh_key.filename)} ubuntu@${module.aws_ec2_consul_client.public_ip}
+${local.ssm ? "  - via SSM run: aws ssm start-session --target ${module.aws_ec2_consul_client.host_id} --region ${local.vpc_region}" : ""}
   EOF
 }

hcp-ui-templates/ec2/main.tf

@@ -4,7 +4,6 @@ locals {
   cluster_id       = "{{ .ClusterID }}"
   hvn_id           = "{{ .ClusterID }}-hvn"
   install_demo_app = true
-  ssh              = true
   ssm              = true
 }
 
@@ -32,6 +31,11 @@ provider "consul" {
   token      = hcp_consul_cluster_root_token.token.secret_id
 }
 
+provider "nomad" {
+  address   = "http://${module.aws_ec2_consul_client.public_ip}:8081"
+  http_auth = "nomad:${hcp_consul_cluster_root_token.token.secret_id}"
+}
+
 data "aws_availability_zones" "available" {
   filter {
     name   = "zone-type"
@@ -60,7 +64,7 @@ resource "hcp_hvn" "main" {
 
 module "aws_hcp_consul" {
   source  = "hashicorp/hcp-consul/aws"
-  version = "~> 0.9.4"
+  version = "~> 0.10.0"
 
   hvn             = hcp_hvn.main
   vpc_id          = module.vpc.vpc_id
@@ -85,23 +89,19 @@ resource "tls_private_key" "ssh" {
 }
 
 resource "aws_key_pair" "hcp_ec2" {
-  count = local.ssh ? 1 : 0
-
   public_key = tls_private_key.ssh.public_key_openssh
   key_name   = "hcp-ec2-key-${local.cluster_id}"
 }
 
 resource "local_file" "ssh_key" {
-  count = local.ssh ? 1 : 0
-
   content         = tls_private_key.ssh.private_key_pem
   file_permission = "400"
-  filename        = "${path.module}/${aws_key_pair.hcp_ec2[0].key_name}.pem"
+  filename        = "${path.module}/${aws_key_pair.hcp_ec2.key_name}.pem"
 }
 
 module "aws_ec2_consul_client" {
   source  = "hashicorp/hcp-consul/aws//modules/hcp-ec2-client"
-  version = "~> 0.9.4"
+  version = "~> 0.10.0"
 
   allowed_http_cidr_blocks = ["0.0.0.0/0"]
   allowed_ssh_cidr_blocks  = ["0.0.0.0/0"]
@@ -112,11 +112,23 @@ module "aws_ec2_consul_client" {
   install_demo_app         = local.install_demo_app
   root_token               = hcp_consul_cluster_root_token.token.secret_id
   security_group_id        = module.aws_hcp_consul.security_group_id
-  ssh_keyname              = local.ssh ? aws_key_pair.hcp_ec2[0].key_name : ""
+  ssh_key                  = tls_private_key.ssh.private_key_pem
+  ssh_keyname              = aws_key_pair.hcp_ec2.key_name
   ssm                      = local.ssm
   subnet_id                = module.vpc.public_subnets[0]
   vpc_id                   = module.vpc.vpc_id
 }
+
+module "hashicups" {
+  count = local.install_demo_app ? 1 : 0
+
+  source  = "hashicorp/hcp-consul/aws/modules/ec2-demo-app"
+  version = "~> 0.10.0"
+
+  depends_on = [
+    module.aws_ec2_consul_client
+  ]
+}
 output "consul_root_token" {
   value     = hcp_consul_cluster_root_token.token.secret_id
   sensitive = true
@@ -139,22 +151,22 @@ output "hashicups_url" {
 }
 
 output "next_steps" {
-  value = local.install_demo_app ? "HashiCups Application will be ready in ~2 minutes. Use 'terraform output consul_root_token' to retrieve the root token." : null
+  value = local.install_demo_app ? "HashiCups Application will be ready in ~2 minutes. Use 'terraform output -raw consul_root_token' to retrieve the root token." : null
 }
 
 output "howto_connect" {
   value = <<EOF
   ${local.install_demo_app ? "The demo app, HashiCups, is installed on a Nomad server we have deployed for you." : ""}
   ${local.install_demo_app ? "To access Nomad using your local client run the following command:" : ""}
-  ${local.install_demo_app ? "export NOMAD_HTTP_AUTH=nomad:$(terraform output consul_root_token)" : ""}
+  ${local.install_demo_app ? "export NOMAD_HTTP_AUTH=nomad:$(terraform output -raw consul_root_token)" : ""}
   ${local.install_demo_app ? "export NOMAD_ADDR=http://${module.aws_ec2_consul_client.public_ip}:8081" : ""}
 
   To access Consul from your local client run:
   export CONSUL_HTTP_ADDR="${hcp_consul_cluster.main.consul_public_endpoint_url}"
   export CONSUL_HTTP_TOKEN=$(terraform output -raw consul_root_token)
   
-  To connect to the ec2 instance deployed: 
-${local.ssh ? "  - To access via SSH run: ssh -i ${abspath(local_file.ssh_key[0].filename)} ubuntu@${module.aws_ec2_consul_client.public_ip}" : ""}
-${local.ssm ? "  - To access via SSM run: aws ssm start-session --target ${module.aws_ec2_consul_client.host_id} --region ${local.vpc_region}" : ""}
+  To connect to the deployed EC2 instance: 
+  - via SSH run: ssh -i ${abspath(local_file.ssh_key.filename)} ubuntu@${module.aws_ec2_consul_client.public_ip}
+${local.ssm ? "  - via SSM run: aws ssm start-session --target ${module.aws_ec2_consul_client.host_id} --region ${local.vpc_region}" : ""}
   EOF
 }