[AWS] Add SLES as default image

README.md

@@ -65,7 +65,7 @@ Git clone can be performed only after setting up the required ssh keys. Please r
 
 #### Terraform
 
-Terraform should be installed on your local or remote computer where the repository is cloned.  Please refer [here](https://developer.hashicorp.com/terraform/tutorials/aws-get-started/install-cli) for installation instructions.
+Terraform (v1.9 or greater) should be installed on your local or remote computer where the repository is cloned.  Please refer [here](https://developer.hashicorp.com/terraform/tutorials/aws-get-started/install-cli) for installation instructions.
 
 ### What's next
 

modules/infra/aws/data.tf

@@ -14,3 +14,18 @@ data "aws_ami" "ubuntu" {
     values = ["hvm"]
   }
 }
+
+data "aws_ami" "sles" {
+  most_recent = true
+  owners      = ["679593333241"] # SUSE
+
+  filter {
+    name   = "name"
+    values = ["suse-sles-15-sp6-byos-*-hvm-ssd-x86_64-*"]
+  }
+
+  filter {
+    name   = "virtualization-type"
+    values = ["hvm"]
+  }
+}

modules/infra/aws/docs.md

@@ -25,6 +25,7 @@ No modules.
 | [aws_security_group.sg_allowall](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource |
 | [local_file.private_key_pem](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/file) | resource |
 | [tls_private_key.ssh_private_key](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/private_key) | resource |
+| [aws_ami.sles](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ami) | data source |
 | [aws_ami.ubuntu](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ami) | data source |
 
 ## Inputs
@@ -38,17 +39,19 @@ No modules.
 | <a name="input_create_security_group"></a> [create\_security\_group](#input\_create\_security\_group) | Should create the security group associated with the instance(s) | `bool` | `true` | no |
 | <a name="input_create_ssh_key_pair"></a> [create\_ssh\_key\_pair](#input\_create\_ssh\_key\_pair) | Specify if a new SSH key pair needs to be created for the instances | `bool` | `false` | no |
 | <a name="input_iam_instance_profile"></a> [iam\_instance\_profile](#input\_iam\_instance\_profile) | Specify IAM Instance Profile to assign to the instances/nodes | `string` | `null` | no |
+| <a name="input_instance_ami"></a> [instance\_ami](#input\_instance\_ami) | Override the default SLES or Ubuntu AMI | `string` | `null` | no |
 | <a name="input_instance_count"></a> [instance\_count](#input\_instance\_count) | Number of EC2 instances to create | `number` | `3` | no |
 | <a name="input_instance_disk_size"></a> [instance\_disk\_size](#input\_instance\_disk\_size) | Specify root disk size (GB) | `string` | `"80"` | no |
 | <a name="input_instance_security_group"></a> [instance\_security\_group](#input\_instance\_security\_group) | Provide a pre-existing security group ID | `string` | `null` | no |
 | <a name="input_instance_type"></a> [instance\_type](#input\_instance\_type) | Instance type used for all EC2 instances | `string` | `"t3.medium"` | no |
+| <a name="input_os_type"></a> [os\_type](#input\_os\_type) | Use SLES or Ubuntu images when launching instances (sles or ubuntu) | `string` | `"sles"` | no |
 | <a name="input_prefix"></a> [prefix](#input\_prefix) | Prefix added to names of all resources | `string` | `"rancher-terraform"` | no |
 | <a name="input_spot_instances"></a> [spot\_instances](#input\_spot\_instances) | Use spot instances | `bool` | `false` | no |
 | <a name="input_ssh_key"></a> [ssh\_key](#input\_ssh\_key) | Contents of the private key to connect to the instances. | `string` | `null` | no |
 | <a name="input_ssh_key_pair_name"></a> [ssh\_key\_pair\_name](#input\_ssh\_key\_pair\_name) | Specify the SSH key name to use (that's already present in AWS) | `string` | `null` | no |
 | <a name="input_ssh_key_pair_path"></a> [ssh\_key\_pair\_path](#input\_ssh\_key\_pair\_path) | Path to the SSH private key used as the key pair (that's already present in AWS) | `string` | `null` | no |
 | <a name="input_ssh_private_key_path"></a> [ssh\_private\_key\_path](#input\_ssh\_private\_key\_path) | Path to write the generated SSH private key | `string` | `null` | no |
-| <a name="input_ssh_username"></a> [ssh\_username](#input\_ssh\_username) | Username used for SSH with sudo access | `string` | `"ubuntu"` | no |
+| <a name="input_ssh_username"></a> [ssh\_username](#input\_ssh\_username) | Username used for SSH with sudo access | `string` | `null` | no |
 | <a name="input_subnet_id"></a> [subnet\_id](#input\_subnet\_id) | VPC Subnet ID to create the instance(s) in | `string` | `null` | no |
 | <a name="input_tag_begin"></a> [tag\_begin](#input\_tag\_begin) | When module is being called mode than once, begin tagging from this number | `number` | `1` | no |
 | <a name="input_tags"></a> [tags](#input\_tags) | User-provided tags for the resources | `map(string)` | `{}` | no |
@@ -65,6 +68,5 @@ No modules.
 | <a name="output_instances_public_ip"></a> [instances\_public\_ip](#output\_instances\_public\_ip) | n/a |
 | <a name="output_node_username"></a> [node\_username](#output\_node\_username) | n/a |
 | <a name="output_sg-id"></a> [sg-id](#output\_sg-id) | n/a |
-| <a name="output_ssh_key"></a> [ssh\_key](#output\_ssh\_key) | n/a |
 | <a name="output_ssh_key_pair_name"></a> [ssh\_key\_pair\_name](#output\_ssh\_key\_pair\_name) | n/a |
 | <a name="output_ssh_key_path"></a> [ssh\_key\_path](#output\_ssh\_key\_path) | n/a |

modules/infra/aws/main.tf

@@ -75,7 +75,7 @@ resource "aws_security_group" "sg_allowall" {
 
 resource "aws_instance" "instance" {
   count         = var.instance_count
-  ami           = data.aws_ami.ubuntu.id
+  ami           = var.instance_ami != null ? var.instance_ami : var.os_type == "sles" ? data.aws_ami.sles.id : data.aws_ami.ubuntu.id
   instance_type = var.instance_type
   subnet_id     = var.subnet_id
 

modules/infra/aws/variables.tf

@@ -84,6 +84,22 @@ variable "instance_count" {
   nullable    = false
 }
 
+variable "instance_ami" {
+  type        = string
+  description = "Override the default SLES or Ubuntu AMI"
+  default     = null
+}
+
+variable "os_type" {
+  type        = string
+  description = "Use SLES or Ubuntu images when launching instances (sles or ubuntu)"
+  default     = "sles"
+  validation {
+    condition     = contains(["sles", "ubuntu"], var.os_type)
+    error_message = "The operating system type must be 'sles' or 'ubuntu'."
+  }
+}
+
 variable "vpc_id" {
   type        = string
   description = "VPC ID to create the instance(s) in"
@@ -148,8 +164,11 @@ variable "instance_security_group" {
 variable "ssh_username" {
   type        = string
   description = "Username used for SSH with sudo access"
-  default     = "ubuntu"
-  nullable    = false
+  default     = null
+  validation {
+    condition     = var.ssh_username != null
+    error_message = "An SSH username must be provided"
+  }
 }
 
 variable "spot_instances" {
@@ -185,4 +204,4 @@ variable "tags" {
   description = "User-provided tags for the resources"
   type        = map(string)
   default     = {}
-}
+}

recipes/rke/split-roles/aws/docs.md

@@ -33,6 +33,7 @@ No resources.
 | <a name="input_dependency"></a> [dependency](#input\_dependency) | An optional variable to add a dependency from another resource (not used) | `any` | `null` | no |
 | <a name="input_docker_version"></a> [docker\_version](#input\_docker\_version) | Docker version to install on nodes | `string` | `"23.0.6"` | no |
 | <a name="input_install_docker"></a> [install\_docker](#input\_install\_docker) | Should install docker while creating the instance | `bool` | `true` | no |
+| <a name="input_instance_ami"></a> [instance\_ami](#input\_instance\_ami) | Override the default SLES or Ubuntu AMI | `string` | `null` | no |
 | <a name="input_instance_security_group"></a> [instance\_security\_group](#input\_instance\_security\_group) | Provide a pre-existing security group ID | `string` | `null` | no |
 | <a name="input_instance_security_group_name"></a> [instance\_security\_group\_name](#input\_instance\_security\_group\_name) | Provide a pre-existing security group name | `string` | `null` | no |
 | <a name="input_kube_config_filename"></a> [kube\_config\_filename](#input\_kube\_config\_filename) | Filename to write the kube config | `string` | `null` | no |
@@ -42,11 +43,12 @@ No resources.
 | <a name="input_master_nodes_iam_instance_profile"></a> [master\_nodes\_iam\_instance\_profile](#input\_master\_nodes\_iam\_instance\_profile) | Specify IAM instance profile to attach to master nodes | `string` | `null` | no |
 | <a name="input_master_nodes_instance_disk_size"></a> [master\_nodes\_instance\_disk\_size](#input\_master\_nodes\_instance\_disk\_size) | Disk size used for all master nodes (in GB) | `string` | `"80"` | no |
 | <a name="input_master_nodes_instance_type"></a> [master\_nodes\_instance\_type](#input\_master\_nodes\_instance\_type) | Instance type used for all master nodes | `string` | `"t3.medium"` | no |
+| <a name="input_os_type"></a> [os\_type](#input\_os\_type) | Use SLES or Ubuntu images when launching instances (sles or ubuntu) | `string` | `null` | no |
 | <a name="input_prefix"></a> [prefix](#input\_prefix) | Prefix added to names of all resources | `string` | n/a | yes |
 | <a name="input_ssh_key"></a> [ssh\_key](#input\_ssh\_key) | Contents of the private key to connect to the instances. | `string` | `null` | no |
 | <a name="input_ssh_key_pair_name"></a> [ssh\_key\_pair\_name](#input\_ssh\_key\_pair\_name) | Specify the SSH key name to use (that's already present in AWS) | `string` | `null` | no |
 | <a name="input_ssh_key_pair_path"></a> [ssh\_key\_pair\_path](#input\_ssh\_key\_pair\_path) | Path to the SSH private key used as the key pair (that's already present in AWS) | `string` | `null` | no |
-| <a name="input_ssh_username"></a> [ssh\_username](#input\_ssh\_username) | Username used for SSH with sudo access | `string` | `"ubuntu"` | no |
+| <a name="input_ssh_username"></a> [ssh\_username](#input\_ssh\_username) | Username used for SSH with sudo access, must align with the AMI in use | `string` | `null` | no |
 | <a name="input_subnet_id"></a> [subnet\_id](#input\_subnet\_id) | VPC Subnet ID to create the instance(s) in | `string` | `null` | no |
 | <a name="input_tags"></a> [tags](#input\_tags) | User-provided tags for the resources | `map(string)` | `{}` | no |
 | <a name="input_vpc_id"></a> [vpc\_id](#input\_vpc\_id) | VPC ID to create the instance(s) in | `string` | `null` | no |

recipes/rke/split-roles/aws/main.tf

@@ -1,15 +1,21 @@
+locals {
+  ssh_username = var.instance_ami != null ? var.ssh_username : var.os_type == "sles" ? "ec2-user" : "ubuntu"
+}
+
 module "master_nodes" {
   source = "../../../../modules/infra/aws"
 
   prefix                  = "${var.prefix}-m"
   instance_count          = var.master_nodes_count
   instance_type           = var.master_nodes_instance_type
   instance_disk_size      = var.master_nodes_instance_disk_size
+  instance_ami            = var.instance_ami
+  os_type                 = var.os_type
   create_ssh_key_pair     = var.create_ssh_key_pair
   ssh_key_pair_name       = var.ssh_key_pair_name
   ssh_key_pair_path       = var.ssh_key_pair_path
   ssh_key                 = var.ssh_key
-  ssh_username            = var.ssh_username
+  ssh_username            = local.ssh_username
   aws_region              = var.aws_region
   create_security_group   = var.create_security_group
   instance_security_group = var.instance_security_group
@@ -18,7 +24,7 @@ module "master_nodes" {
   user_data = templatefile("${path.module}/user_data.tmpl",
     {
       install_docker = var.install_docker
-      username       = var.ssh_username
+      username       = local.ssh_username
       docker_version = var.docker_version
     }
   )
@@ -33,11 +39,13 @@ module "worker_nodes" {
   instance_count          = var.worker_nodes_count
   instance_type           = var.worker_nodes_instance_type
   instance_disk_size      = var.worker_nodes_instance_disk_size
+  instance_ami            = var.instance_ami
+  os_type                 = var.os_type
   create_ssh_key_pair     = var.create_ssh_key_pair
   ssh_key_pair_name       = var.ssh_key_pair_name
   ssh_key_pair_path       = var.ssh_key_pair_path
   ssh_key                 = var.ssh_key
-  ssh_username            = var.ssh_username
+  ssh_username            = local.ssh_username
   aws_region              = var.aws_region
   create_security_group   = var.create_security_group
   instance_security_group = var.instance_security_group
@@ -46,7 +54,7 @@ module "worker_nodes" {
   user_data = templatefile("${path.module}/user_data.tmpl",
     {
       install_docker = var.install_docker
-      username       = var.ssh_username
+      username       = local.ssh_username
       docker_version = var.docker_version
     }
   )
@@ -82,7 +90,7 @@ locals {
 module "rke" {
   source                 = "../../../../modules/distribution/rke"
   prefix                 = var.prefix
-  node_username          = var.ssh_username
+  node_username          = local.ssh_username
   create_kubeconfig_file = var.create_kubeconfig_file
   kube_config_path       = var.kube_config_path
   kube_config_filename   = var.kube_config_filename

recipes/rke/split-roles/aws/terraform.tfvars.example

@@ -0,0 +1,57 @@
+###### !! Required variables !! ######
+
+## -- Terraform will use the default ~/.aws/credentials file or environment variables to determine the access/secret keys. Uncomment the below only if necessary.
+# aws_access_key = "ACCESS_KEY_HERE"
+# aws_secret_key = "SECRET_KEY_HERE"
+
+## -- AWS region to create the resources, uncomment one or adjust as needed
+# aws_region = "us-east-1"         # US, Virginia
+# aws_region = "us-west-2"         # US, Oregon
+# aws_region = "eu-west-1"         # EU, Ireland
+# aws_region = "eu-west-1"         # EU, Frankfurt
+# aws_region = "ap-southeast-2"    # AU, Sydney
+# aws_region = "ap-south-1"        # IN, Mumbai
+
+## -- Set the prefix for the name tag on instancrease created. A default prefix (rancher-terraform) if not provided.
+prefix = "my-name-here"
+
+###### !! Optional variables !! ######
+
+## -- Password to set when installing Rancher, otherwise use default (initial-admin-password)
+# rancher_password = "at-least-12-characters"
+
+## -- Rancher version to use when installing the Rancher helm chart, otherwise use the latest in the stable repository
+# rancher_version = "2.7.3"
+
+## -- Override the default k8s version used by RKE
+# kubernetes_version = "v1.24.10-rancher4-1"
+
+## -- Number and type of EC2 instances to launch
+master_nodes_count = 1
+worker_nodes_count = 1
+# master_nodes_instance_type = "t3.medium"
+# worker_nodes_instance_type = "t3.medium"
+
+## -- Use spot instances
+# spot_instances = false
+
+### -- Use SLES or Ubuntu images when launching instances (sles or ubuntu)
+# os_type = "sles"
+## - SSH username (must match the SSH user for the AMI used)
+# ssh_username = "ec2-user"
+## - Custom AMI to launch instances with
+# instance_ami = "ami-xxxx"
+
+##### SSH
+## -- (A) Create a new keypair in AWS
+create_ssh_key_pair = true
+## -- Override the default (./${prefix}_ssh_private_key.pem) path where this SSH key is written
+# ssh_private_key_path = "/path/to/private/key.pem"
+
+## -- (B) Provide an existing keypair name in AWS to use for nodes, the matching private key file for this keypair also must be provided so RKE can SSH to the launched nodes
+# ssh_key_pair_name = "aws_keypair_name"
+# ssh_key_pair_path  = "/path/to/private/key.pem"
+#####
+
+## -- Override the default (${prefix}_kube_config.yml) kubeconfig file/path
+# kube_config_path = "~/.kube/rancher-terraform.yml"

recipes/rke/split-roles/aws/variables.tf

@@ -136,8 +136,20 @@ variable "bastion_host" {
 
 variable "ssh_username" {
   type        = string
-  description = "Username used for SSH with sudo access"
-  default     = "ubuntu"
+  description = "Username used for SSH with sudo access, must align with the AMI in use"
+  default     = null
+}
+
+variable "instance_ami" {
+  type        = string
+  description = "Override the default SLES or Ubuntu AMI"
+  default     = null
+}
+
+variable "os_type" {
+  type        = string
+  description = "Use SLES or Ubuntu images when launching instances (sles or ubuntu)"
+  default     = null
 }
 
 variable "master_nodes_instance_type" {

recipes/standalone/aws/rke/docs.md

@@ -29,18 +29,20 @@ No resources.
 | <a name="input_dependency"></a> [dependency](#input\_dependency) | An optional variable to add a dependency from another resource (not used) | `any` | `null` | no |
 | <a name="input_docker_version"></a> [docker\_version](#input\_docker\_version) | Docker version to install on nodes | `string` | `"20.10"` | no |
 | <a name="input_install_docker"></a> [install\_docker](#input\_install\_docker) | Should install docker while creating the instance | `bool` | `true` | no |
+| <a name="input_instance_ami"></a> [instance\_ami](#input\_instance\_ami) | Override the default SLES or Ubuntu AMI | `string` | `null` | no |
 | <a name="input_instance_count"></a> [instance\_count](#input\_instance\_count) | Number of EC2 instances to create | `number` | `null` | no |
 | <a name="input_instance_disk_size"></a> [instance\_disk\_size](#input\_instance\_disk\_size) | Specify root disk size (GB) | `string` | `null` | no |
 | <a name="input_instance_security_group"></a> [instance\_security\_group](#input\_instance\_security\_group) | Provide a pre-existing security group ID | `string` | `null` | no |
 | <a name="input_instance_type"></a> [instance\_type](#input\_instance\_type) | Instance type used for all EC2 instances | `string` | `null` | no |
 | <a name="input_kube_config_filename"></a> [kube\_config\_filename](#input\_kube\_config\_filename) | Filename to write the kube config | `string` | `null` | no |
 | <a name="input_kube_config_path"></a> [kube\_config\_path](#input\_kube\_config\_path) | The path to write the kubeconfig for the RKE cluster | `string` | `null` | no |
 | <a name="input_kubernetes_version"></a> [kubernetes\_version](#input\_kubernetes\_version) | Kubernetes version to use for the RKE cluster | `string` | `null` | no |
+| <a name="input_os_type"></a> [os\_type](#input\_os\_type) | Use SLES or Ubuntu images when launching instances (sles or ubuntu) | `string` | `null` | no |
 | <a name="input_prefix"></a> [prefix](#input\_prefix) | Prefix added to names of all resources | `string` | `null` | no |
 | <a name="input_spot_instances"></a> [spot\_instances](#input\_spot\_instances) | Use spot instances | `bool` | `null` | no |
 | <a name="input_ssh_key_pair_name"></a> [ssh\_key\_pair\_name](#input\_ssh\_key\_pair\_name) | Specify the SSH key name to use (that's already present in AWS) | `string` | `null` | no |
 | <a name="input_ssh_key_pair_path"></a> [ssh\_key\_pair\_path](#input\_ssh\_key\_pair\_path) | Path to the SSH private key used as the key pair (that's already present in AWS) | `string` | `null` | no |
-| <a name="input_ssh_username"></a> [ssh\_username](#input\_ssh\_username) | Username used for SSH with sudo access | `string` | `"ubuntu"` | no |
+| <a name="input_ssh_username"></a> [ssh\_username](#input\_ssh\_username) | Username used for SSH with sudo access, must align with the AMI in use | `string` | `null` | no |
 | <a name="input_subnet_id"></a> [subnet\_id](#input\_subnet\_id) | VPC Subnet ID to create the instance(s) in | `string` | `null` | no |
 
 ## Outputs