From 4a993fd9e3c267c38f2001bc072c9e2aa361e06e Mon Sep 17 00:00:00 2001 From: Kuba Tyszko Date: Tue, 17 Oct 2017 16:59:34 -0700 Subject: [PATCH] upgrading ubuntu ami to 16.04, switching to systemd, allowing multiple AZ/subnets through subnets={} map, upgrading consul to 0.9.3 (#3566) --- terraform/README.md | 2 + terraform/aws/consul.tf | 6 ++- terraform/aws/variables.tf | 38 +++++++++++++------ .../shared/scripts/debian_consul.service | 13 +++++++ terraform/shared/scripts/install.sh | 7 ++-- 5 files changed, 49 insertions(+), 17 deletions(-) create mode 100644 terraform/shared/scripts/debian_consul.service diff --git a/terraform/README.md b/terraform/README.md index 484b4d738..fa42e3b1d 100644 --- a/terraform/README.md +++ b/terraform/README.md @@ -3,3 +3,5 @@ This folder contains modules for Terraform that can setup Consul for various systems. The infrastructure provider that is used is designated by the folder above. See the `variables.tf` file in each for more documentation. + +To deploy Consul in multiple Subnets/AZ on AWS - supply: -var 'vpc_id=vpc-1234567' -var 'subnets={ "0" = "subnet-12345", "1" = "subnet-23456", "2" = "subnet-34567"}' diff --git a/terraform/aws/consul.tf b/terraform/aws/consul.tf index 19c5c318a..be70ce385 100644 --- a/terraform/aws/consul.tf +++ b/terraform/aws/consul.tf @@ -3,7 +3,8 @@ resource "aws_instance" "server" { instance_type = "${var.instance_type}" key_name = "${var.key_name}" count = "${var.servers}" - security_groups = ["${aws_security_group.consul.name}"] + security_groups = ["${aws_security_group.consul.id}"] + subnet_id = "${lookup(var.subnets, count.index % var.servers)}" connection { user = "${lookup(var.user, var.platform)}" @@ -25,7 +26,7 @@ resource "aws_instance" "server" { provisioner "remote-exec" { inline = [ "echo ${var.servers} > /tmp/consul-server-count", - "echo ${aws_instance.server.0.private_dns} > /tmp/consul-server-addr", + "echo ${aws_instance.server.0.private_ip} > /tmp/consul-server-addr", ] } 
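Review bot: In the first hunk of terraform/aws/consul.tf, `count.index % var.servers` is a no-op because `count.index` is always below `var.servers`, so the `lookup` has no matching key as soon as `subnets` holds fewer entries than there are servers. If the intent is to spread servers across the supplied subnets, wrap on the map size instead: `subnet_id = "${lookup(var.subnets, count.index % length(var.subnets))}"`. The same hunk now passes a security group ID through `security_groups`; for instances launched into a VPC subnet, `vpc_security_group_ids` is the argument meant for IDs, and using it avoids the instance ending up with a different group set than the one reviewed here. The resource body continues outside the hunk.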
@@ -41,6 +42,7 @@ resource "aws_instance" "server" { resource "aws_security_group" "consul" { name = "consul_${var.platform}" description = "Consul internal traffic + maintenance." + vpc_id = "${var.vpc_id}" // These are for internal traffic ingress { diff --git a/terraform/aws/variables.tf b/terraform/aws/variables.tf index bae90a7ba..d86354f49 100644 --- a/terraform/aws/variables.tf +++ b/terraform/aws/variables.tf @@ -17,16 +17,20 @@ variable "ami" { description = "AWS AMI Id, if you change, make sure it is compatible with instance type, not all AMIs allow all instance types " default = { - us-east-1-ubuntu = "ami-fce3c696" - us-east-2-ubuntu = "ami-b7075dd2" - us-west-1-ubuntu = "ami-a9a8e4c9" - us-west-2-ubuntu = "ami-9abea4fb" - eu-west-1-ubuntu = "ami-47a23a30" - eu-central-1-ubuntu = "ami-accff2b1" - ap-northeast-1-ubuntu = "ami-90815290" - ap-northeast-2-ubuntu = "ami-58af6136" - ap-southeast-1-ubuntu = "ami-0accf458" - ap-southeast-2-ubuntu = "ami-1dc8b127" + ap-south-1-ubuntu = "ami-08a5e367" + us-east-1-ubuntu = "ami-d651b8ac" + ap-northeast-1-ubuntu = "ami-8422ebe2" + eu-west-1-ubuntu = "ami-17d11e6e" + ap-southeast-1-ubuntu = "ami-e6d3a585" + ca-central-1-ubuntu = "ami-e59c2581" + us-west-1-ubuntu = "ami-2d5c6d4d" + eu-central-1-ubuntu = "ami-5a922335" + sa-east-1-ubuntu = "ami-a3e39ecf" + ap-southeast-2-ubuntu = "ami-391ff95b" + eu-west-2-ubuntu = "ami-e1f2e185" + ap-northeast-2-ubuntu = "ami-0f6fb461" + us-west-2-ubuntu = "ami-ecc63a94" + us-east-2-ubuntu = "ami-9686a4f3" us-east-1-rhel6 = "ami-0d28fe66" us-east-2-rhel6 = "ami-aff2a9ca" us-west-2-rhel6 = "ami-3d3c0a0d" @@ -44,7 +48,7 @@ variable "ami" { variable "service_conf" { default = { - ubuntu = "debian_upstart.conf" + ubuntu = "debian_consul.service" rhel6 = "rhel_upstart.conf" centos6 = "rhel_upstart.conf" centos7 = "rhel_consul.service" 
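Review bot: The replaced Ubuntu entries in the `ami` default map of terraform/aws/variables.tf are bare image IDs with no comment naming the release or the publishing account, so a reader cannot confirm from the file that each ID is an official 16.04 image. Once the IDs have been checked against the publisher's listing, a comment above them such as `// Ubuntu 16.04 LTS, official Canonical images, looked up on <DATE>` would record that provenance. Pinned IDs also freeze the patch level at commit time; an `aws_ami` data source with `owners` restricted to the publisher's account and `most_recent = true` would keep new deployments on current images. The map continues outside the hunk.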
@@ -54,7 +58,7 @@ variable "service_conf" { variable "service_conf_dest" { default = { - ubuntu = "upstart.conf" + ubuntu = "consul.service" rhel6 = "upstart.conf" centos6 = "upstart.conf" centos7 = "consul.service" @@ -89,3 +93,13 @@ variable "tagName" { default = "consul" description = "Name tag for the servers" } + +variable "subnets" { + type = "map" + description = "map of subnets to deploy your infrastructure in, must have as many keys as your server count (default 3), -var 'subnets={\"0\"=\"subnet-12345\",\"1\"=\"subnets-23456\"}' " +} + +variable "vpc_id" { + type = "string" + description = "ID of the VPC to use - in case your account doesn't have default VPC" +} \ No newline at end of file diff --git a/terraform/shared/scripts/debian_consul.service b/terraform/shared/scripts/debian_consul.service new file mode 100644 index 000000000..ab40a1767 --- /dev/null +++ b/terraform/shared/scripts/debian_consul.service @@ -0,0 +1,13 @@ +[Unit] +Description=consul agent +Requires=network-online.target +After=network-online.target + +[Service] +EnvironmentFile=-/etc/sysconfig/consul +Restart=on-failure +ExecStart=/usr/local/bin/consul agent $CONSUL_FLAGS -config-dir=/etc/systemd/system/consul.d +ExecReload=/bin/kill -HUP $MAINPID + +[Install] +WantedBy=multi-user.target diff --git a/terraform/shared/scripts/install.sh b/terraform/shared/scripts/install.sh index 15abbd5a5..afdd8c0cf 100644 --- a/terraform/shared/scripts/install.sh +++ b/terraform/shared/scripts/install.sh @@ -3,8 +3,7 @@ set -e echo "Installing dependencies..." if [ -x "$(command -v apt-get)" ]; then - sudo apt-get update -y - sudo apt-get install -y unzip + sudo su -s /bin/bash -c 'sleep 30 && apt-get update && apt-get install unzip' root else sudo yum update -y sudo yum install -y unzip wget @@ -12,7 +11,7 @@ fi echo "Fetching Consul..." -CONSUL=0.9.0 +CONSUL=0.9.3 cd /tmp wget https://releases.hashicorp.com/consul/${CONSUL}/consul_${CONSUL}_linux_amd64.zip -O consul.zip --quiet 
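Review bot: The new `subnets` and `vpc_id` variables at the end of terraform/aws/variables.tf have no `default`, which makes both mandatory for every caller, although the `vpc_id` description presents it as needed only "in case your account doesn't have default VPC". The descriptions should state that both are required, e.g. `description = "ID of the VPC to deploy into (required)"`. The `subnets` example also spells the second value `subnets-23456` where `subnet-23456` is meant, and the file now ends without a trailing newline.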
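Review bot: The new unit terraform/shared/scripts/debian_consul.service has no `User=` or `Group=` line in `[Service]`, so the Consul agent runs as root. A network-facing agent does not need that, and running it as root turns any flaw in the process into full control of the host. Consider a dedicated account plus basic sandboxing, e.g. `User=consul`, `Group=consul` and `NoNewPrivileges=true`. install.sh would then have to create the account and give it ownership of the config and data directories, which this patch does not do.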
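Review bot: The rewritten apt branch in the first hunk of terraform/shared/scripts/install.sh drops `-y` from `apt-get install`, so the command asks for confirmation, or aborts without a terminal, whenever apt wants to install anything beyond `unzip`. The fixed `sleep 30` only guesses when first-boot package activity has finished and fails the same way on a slow boot. Suggest keeping the non-interactive flags and dropping the nested `su` shell, `sudo apt-get update -y` and `sudo apt-get install -y unzip`, with a bounded retry loop around them in place of the fixed delay.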
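Review bot: The version bump in the second hunk of install.sh keeps the `wget ... -O consul.zip --quiet` line, which installs whatever the download returns without any integrity check. Since this binary ends up running as a system service, fetch `consul_${CONSUL}_SHA256SUMS` from the same release directory and verify the archive before it is unpacked. One way is to save the zip under its published name and run `grep "consul_${CONSUL}_linux_amd64.zip" "consul_${CONSUL}_SHA256SUMS" | sha256sum -c -`. Checking the checksum file's detached signature against the vendor's release key would be stronger still. The step that unpacks the archive is outside the hunk.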
@@ -43,9 +42,11 @@ then sudo chmod 0644 /etc/service/consul else echo "Installing Systemd service..." + sudo mkdir -p /etc/sysconfig sudo mkdir -p /etc/systemd/system/consul.d sudo chown root:root /tmp/consul.service sudo mv /tmp/consul.service /etc/systemd/system/consul.service + sudo mv /tmp/consul*json /etc/systemd/system/consul.d/ || echo sudo chmod 0644 /etc/systemd/system/consul.service sudo mv /tmp/consul_flags /etc/sysconfig/consul sudo chown root:root /etc/sysconfig/consul
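Review bot: The added `sudo mv /tmp/consul*json /etc/systemd/system/consul.d/ || echo` leaves the moved files with whatever owner and mode they had in /tmp, unlike consul.service and /etc/sysconfig/consul, which are explicitly chowned to root. Agent configuration can hold secrets such as gossip keys or ACL tokens, and a config file still writable by the login user lets that user change what the service runs with. Follow the move with `sudo chown root:root /etc/systemd/system/consul.d/*.json` and `sudo chmod 0640 /etc/systemd/system/consul.d/*.json`. The `|| echo` also hides every failure of the move, not just the no-files case; an explicit `if ls /tmp/consul*json >/dev/null 2>&1; then ... fi` guard would keep `set -e` effective for real errors. The enclosing if/else starts outside the hunk.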