diff --git a/README.md b/README.md index 972e69f..dfec82e 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,5 @@ # terraform-nexus-module -# terraform-gitlab-module - This module assumes following resources are already available: 1. VPC 2. Public Subnet @@ -10,19 +8,28 @@ This module assumes following resources are already available: 5. Internet gateway for public subnet 6. Registered Domain Name 7. Route53 Hosted Zone +8. Certificate for Registered Domain Name and it creates following resources: 1. Gitlab Instance -2. ALB for Nexus -3. Certificate for Nexus instance -4. IAM user -5. SSH Key Pair -6. KMS Key -7. Route53 entry -8. S3 Buckets -9. Security Groups -10. Bastion Host +2. ALB for Nexus and Docker registry +3. IAM user for Nexus Blob stores +4. KMS Key for EBS encryption +5. Route53 entry for Nexus and Docker Registry +6. S3 Buckets for Nexus Blob stores +7. Security Groups +8. Bastion Host + +*NOTE*: +1. Initial nexus admin password is stored in `docker-container/nexus-data/admin.password`, you will have to `exec` into docker container in AWS instance. +Steps: + - Store your SSH key in system's SSH-key store (`ssh-add -K keyname`). + - SSH into nexus ec2 instance using bastion host (`ssh -A -t centos@{public-ip-bastion ssh centos@private-ip-nexus`). + - Exec into running docker container (`docker exec -it nexus sh`). + - Fetch admin password (`cat /nexus-data/admin.password`). + - You can then use this password to login to your Nexus UI and reset password. +2. This module creates S3 buckets for Maven, NPM and Docker registries which can be registered as blob stores in nexus instance. Usage: ``` 
@@ -33,14 +40,27 @@ module "nexus" {
 name = "app"
 stage = "test"
 attributes = ["xyz"]
- private_subnet_id = var.private_subnet_id
+ private_subnet_id1 = var.private_subnet_id1
+ private_subnet_id2 = var.private_subnet_id2
 public_subnet_id1 = var.public_subnet_id1
 public_subnet_id2 = var.public_subnet_id2
- domain_name = var.domain_name
+ dns_name = var.dns_name
+ registry_domain_name = var.registry_domain_name
+ docker_domain_name = var.docker_domain_name
 zone_id = var.zone_id
 ssh_key_name = var.ssh_key_name
 nexus_application_ami = var.nexus_ami
 nexus_kms_alias = var.nexus_kms_alias
+ nexus_npm_registry_s3_bucket = var.nexus_npm_registry_s3_bucket
+ nexus_npm_private_s3_bucket = var.nexus_npm_private_s3_bucket
+ nexus_npm_group_s3_bucket = var.nexus_npm_group_s3_bucket
+ nexus_maven_snapshots_s3_bucket = var.nexus_maven_snapshots_s3_bucket
+ nexus_maven_releases_s3_bucket = var.nexus_maven_releases_s3_bucket
+ nexus_maven_group_s3_bucket = var.nexus_maven_group_s3_bucket
+ nexus_maven_central_s3_bucket = var.nexus_maven_central_s3_bucket
+ nexus_docker_private_s3_bucket = var.nexus_docker_private_s3_bucket
+ nexus_docker_hub_s3_bucket_name = var.nexus_docker_hub_s3_bucket_name
+ nexus_docker_group_s3_bucket = var.nexus_docker_group_s3_bucket
 }
 ```
@@ -57,38 +77,58 @@ module "nexus" { | domain_name | ALB record53 entry domain name | `string`| "" | yes | | public_subnet_id1 | Public subnet ID to attach | `string`| "" | yes | | public_subnet_id2 | Public subnet ID to attach | `string`| "" | yes | -| private_subnet_id | Private subnet ID to attach | `string`| "" | yes | +| private_subnet_id1 | Private subnet ID to attach | `string`| "" | yes | +| private_subnet_id2 | Private subnet ID to attach | `string`| "" | yes | | vpc_id | Id of the VPC Gitlab will be provisioned in | `string`| "" | yes | | nexus_data_disk_size | Size of nexus data disk to provision | `number`| `10 ` | no | | nexus_data_device_name | Name of nexus data disk | `string`| `/dev/xvdi` | no | | nexus_data_directory | Location of nexus data disk | `string`| `/nexus/data` | no | -| snapshot_interval | How often this lifecycle policy should be evaluated | `string`| `24` | no | -| snapshot_start_time | List of times in 24 hour clock format that sets when the lifecycle policy should be evaluated | `string`| `00:00` | no | -| retain_rule | How many snapshots to keep. Must be an integer between 1 and 1000. | `number`| `10` | no | | nexus_alb_ideal_timeout | Time in seconds that the connection is allowed to be idle. | `number`| `60` | no | | nexus_application_ami | AMI of nexus application to be used with Nexus instance. | `string`| "" | yes | | zone_id | ID of the hosted zone to contain Route53 record. | `string`| "" | yes | | nexus_kms_alias | Display name of KMS Key alias. 
Name must start with the word `alias` followed by a forward slash | `string`| "" | yes | | enable_key_rotation | Specifies whether key rotation is enabled | `bool` | `true` | no | | ssh_key_name | SSH key for ec2 ssh | `string`| "" | yes | +| nexus_npm_registry_s3_bucket | Name of Nexus NPM Registry S3 bucket | `string`| "" | yes | +| nexus_npm_private_s3_bucket | Name of Nexus NPM Private S3 bucket | `string`| "" | yes | +| nexus_npm_group_s3_bucket | Name of Nexus NPM Group S3 bucket | `string`| "" | yes | +| nexus_maven_snapshots_s3_bucket | Name of Nexus Maven Snapshots S3 bucket | `string`| "" | yes | +| nexus_maven_releases_s3_bucket | Name of Nexus Maven Releases S3 bucket | `string`| "" | yes | +| nexus_maven_group_s3_bucket | Name of Nexus Maven Group S3 bucket | `string`| "" | yes | +| nexus_maven_central_s3_bucket | Name of Nexus Maven Central S3 bucket | `string`| "" | yes | +| nexus_docker_private_s3_bucket | Name of Nexus Docker Private S3 bucket | `string`| "" | yes | +| nexus_docker_hub_s3_bucket | Name of Nexus Docker Hub S3 bucket | `string`| "" | yes | +| nexus_docker_group_s3_bucket | Name of Nexus Docker Group S3 bucket | `string`| "" | yes | + + ## OUTPUT VALUE NAMES -| Name | Description | -| ----------------------------------| ------------------------------------------------| -| nexus_s3_secret_key | Nexus S3 IAM User secret key | -| nexus_s3_access_key | Nexus S3 IAM User access key | -| user_arn | Nexus S3 IAM User ARN | -| sg_nexus_internal_ssh_name | Security Group name for nexus internal SSH | -| sg_nexus_internal_ssh_ingress | Security Group ingress Rules nexus internal SSH | -| sg_nexus_external_ssh_name | Security Group name for nexus bastion | -| sg_nexus_external_ssh_ingress | Security Group ingress rules for nexus bastion | -| sg_nexus_alb_name | Security Group name for nexus ALB | -| sg_nexus _alb_ingress | Security Group ingress rules nexus ALB | -| sg_internal_nexus_name | Security Group name for nexus instance | -| 
sg_internal_nexus_ingress | Security Group ingress rules nexus instance | -| nexus_acm_cert_arn | Nexus ACM Certificate ARN | -| nexus_route53_cert_validation | Nexus ALB Route53 FQDN | -| nexus_route53_nexus_alb | Route53 FQDN for Nexus instance | -| nexus_bastion_public_eip | EIP Address of Nexus Bastion Instance | -| nexus_private_ip | Private IP Address of Gitlab Instance | \ No newline at end of file +| Name | Description | +| -------------------------------------| ------------------------------------------------| +| nexus_s3_secret_key | Nexus S3 IAM User secret key | +| nexus_s3_access_key | Nexus S3 IAM User access key | +| user_arn | Nexus S3 IAM User ARN | +| sg_nexus_internal_ssh_name | Security Group name for nexus internal SSH | +| sg_nexus_internal_ssh_ingress | Security Group ingress Rules nexus internal SSH | +| sg_nexus_external_ssh_name | Security Group name for nexus bastion | +| sg_nexus_external_ssh_ingress | Security Group ingress rules for nexus bastion | +| sg_nexus_alb_name | Security Group name for nexus ALB | +| sg_nexus _alb_ingress | Security Group ingress rules nexus ALB | +| sg_internal_nexus_name | Security Group name for nexus instance | +| sg_internal_nexus_ingress | Security Group ingress rules nexus instance | +| nexus_acm_cert_arn | Nexus ACM Certificate ARN | +| nexus_route53_cert_validation | Nexus ALB Route53 FQDN | +| nexus_route53_nexus_alb | Route53 FQDN for Nexus instance | +| nexus_bastion_public_eip | EIP Address of Nexus Bastion Instance | +| nexus_private_ip | Private IP Address of Gitlab Instance | +| nexus_npm_registry_s3_bucket_name | Name of Nexus NPM Registry S3 bucket | +| nexus_npm_private_s3_bucket_name | Name of Nexus NPM Private S3 bucket | +| nexus_npm_group_s3_bucket_name | Name of Nexus NPM Group S3 bucket | +| nexus_maven_snapshots_s3_bucket_name | Name of Nexus Maven Snapshots S3 bucke | +| nexus_maven_releases_s3_bucket_name | Name of Nexus Maven Releases S3 bucket | +| nexus_maven_group_s3_bucket_name 
| Name of Nexus Maven Group S3 bucket |
+| nexus_maven_central_s3_bucket_name | Name of Nexus Maven Central S3 bucket |
+| nexus_docker_hub_s3_bucket_name_name | Name of Nexus Docker Hub S3 bucket |
+| nexus_docker_group_s3_bucket_name | Name of Nexus Docker Group S3 bucket |
+| nexus_docker_private_s3_bucket_name | Name of Nexus Docker Private S3 bucket |
\ No newline at end of file
diff --git a/examples/main.tf b/examples/main.tf
index 94eb44b..f09cb98 100644
--- a/examples/main.tf
+++ b/examples/main.tf
@@ -30,6 +30,6 @@ module "nexus" {
 nexus_maven_group_s3_bucket = var.nexus_maven_group_s3_bucket
 nexus_maven_central_s3_bucket = var.nexus_maven_central_s3_bucket
 nexus_docker_private_s3_bucket = var.nexus_docker_private_s3_bucket
- nexus_docker_hub_s3_bucket_name = var.nexus_docker_hub_s3_bucket_name
+ nexus_docker_hub_s3_bucket = var.nexus_docker_hub_s3_bucket
 nexus_docker_group_s3_bucket = var.nexus_docker_group_s3_bucket
 }
\ No newline at end of file
diff --git a/examples/outputs.tf b/examples/outputs.tf
index 4cac7ea..95c117f 100644
--- a/examples/outputs.tf
+++ b/examples/outputs.tf
@@ -52,4 +52,44 @@ output "nexus_bastion_public_eip" {
 output "nexus_private_ip" {
 value = module.nexus.nexus_private_ip
+}
+
+output "nexus_npm_registry_s3_bucket_name" {
+ value = module.nexus.nexus_npm_registry_s3_bucket_name
+}
+
+output "nexus_npm_private_s3_bucket_name" {
+ value = module.nexus.nexus_npm_private_s3_bucket_name
+}
+
+output "nexus_npm_group_s3_bucket_name" {
+ value = module.nexus.nexus_npm_group_s3_bucket_name
+}
+
+output "nexus_maven_snapshots_s3_bucket_name" {
+ value = module.nexus.nexus_maven_snapshots_s3_bucket_name
+}
+
+output "nexus_maven_releases_s3_bucket_name" {
+ value = module.nexus.nexus_maven_releases_s3_bucket_name
+}
+
+output "nexus_maven_group_s3_bucket_name" {
+ value = module.nexus.nexus_maven_group_s3_bucket_name
+}
+
+output "nexus_maven_central_s3_bucket_name" {
+ value = module.nexus.nexus_maven_central_s3_bucket_name
+}
+
+output "nexus_docker_private_s3_bucket_name" {
+ value = module.nexus.nexus_docker_private_s3_bucket_name
+}
+
+output "nexus_docker_hub_s3_bucket_name" {
+ value = module.nexus.nexus_docker_hub_s3_bucket_name
+}
+
+output "nexus_docker_group_s3_bucket_name" {
+ value = module.nexus.nexus_docker_group_s3_bucket_name
 }
\ No newline at end of file
diff --git a/examples/variables.tf b/examples/variables.tf
index 0fe540a..f8ed51f 100644
--- a/examples/variables.tf
+++ b/examples/variables.tf
@@ -66,7 +66,7 @@ variable "nexus_maven_central_s3_bucket" {
 variable "nexus_docker_private_s3_bucket" {
 }
-variable "nexus_docker_hub_s3_bucket_name" {
+variable "nexus_docker_hub_s3_bucket" {
 }
 variable "nexus_docker_group_s3_bucket" {
diff --git a/module/ebs.tf b/module/ebs.tf
index 198caba..9436336 100644
--- a/module/ebs.tf
+++ b/module/ebs.tf
@@ -4,10 +4,7 @@ resource "aws_ebs_volume" "nexus_data" {
 encrypted = true
 type = "gp2"
 availability_zone = data.aws_subnet.private_selected1.availability_zone
- tags = {
- "Name" = format("%s-nexus-data-disk",module.nexus_label.name),
- "Type" = "nexus-data"
- }
+ tags = { "Name" = format("%s-nexus-data-disk",module.nexus_label.name), "Type" = "nexus-data" }
 }
 resource "aws_volume_attachment" "nexus_data_attachment" {
diff --git a/module/outputs.tf b/module/outputs.tf
index 902b459..98e5f9f 100644
--- a/module/outputs.tf
+++ b/module/outputs.tf
@@ -53,3 +53,43 @@ output "nexus_bastion_public_eip" {
 output "nexus_private_ip" {
 value = aws_instance.nexus_application.private_ip
 }
+
+output "nexus_npm_registry_s3_bucket_name" {
+ value = aws_s3_bucket.nexus_npm_registry_s3_bucket.bucket
+}
+
+output "nexus_npm_private_s3_bucket_name" {
+ value = aws_s3_bucket.nexus_npm_private_s3_bucket.bucket
+}
+
+output "nexus_npm_group_s3_bucket_name" {
+ value = aws_s3_bucket.nexus_npm_group_s3_bucket.bucket
+}
+
+output "nexus_maven_snapshots_s3_bucket_name" {
+ value = aws_s3_bucket.nexus_maven_snapshots_s3_bucket.bucket
+}
+
+output "nexus_maven_releases_s3_bucket_name" {
+ value = aws_s3_bucket.nexus_maven_releases_s3_bucket.bucket
+}
+
+output "nexus_maven_group_s3_bucket_name" {
+ value = aws_s3_bucket.nexus_maven_group_s3_bucket.bucket
+}
+
+output "nexus_maven_central_s3_bucket_name" {
+ value = aws_s3_bucket.nexus_maven_central_s3_bucket.bucket
+}
+
+output "nexus_docker_private_s3_bucket_name" {
+ value = aws_s3_bucket.nexus_docker_private_s3_bucket.bucket
+}
+
+output "nexus_docker_hub_s3_bucket_name" {
+ value = aws_s3_bucket.nexus_docker_hub_s3_bucket.bucket
+}
+
+output "nexus_docker_group_s3_bucket_name" {
+ value = aws_s3_bucket.nexus_docker_group_s3_bucket.bucket
+}
diff --git a/module/s3.tf b/module/s3.tf
index fe51cb6..628d330 100644
--- a/module/s3.tf
+++ b/module/s3.tf
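Review bot: The rewritten `tags` line on `aws_ebs_volume.nexus_data` still sets only `Name` and `Type`, while the bucket resources in `module/s3.tf` (visible in the later hunk of this diff) merge `module.nexus_label.tags` into theirs, so the data volume misses the label's common tags that cost allocation and any tag-conditioned IAM or KMS policy would key on; `tags = merge(module.nexus_label.tags, { "Name" = format("%s-nexus-data-disk", module.nexus_label.name), "Type" = "nexus-data" })` keeps the one-line form and closes that gap. Collapsing the map onto a single line also diverges from the multi-line map the file had and from what `terraform fmt` produces, which makes future diffs on this resource noisier. The hunk shows `encrypted = true` but no `kms_key_id`; if it is not set in the lines above the hunk, the volume is encrypted with the account's default `aws/ebs` key rather than the module's `nexus_kms_alias` key that the README attributes to EBS encryption, which is worth confirming.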
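Review bot: The README output table added in this same commit names the Docker Hub output `nexus_docker_hub_s3_bucket_name_name` and truncates the snapshots description to "S3 bucke", while the output declared here is `nexus_docker_hub_s3_bucket_name`; the row should read `| nexus_docker_hub_s3_bucket_name | Name of Nexus Docker Hub S3 bucket |`. The ten new `output` blocks carry no `description`; a one-line `description = "Name of the S3 bucket backing the Nexus NPM registry blob store"` (and the equivalent on the other nine) would make `terraform output` and generated module docs self-explanatory.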
@@ -19,7 +19,7 @@ tags = merge(module.nexus_label.tags, {"Bucket-Name" = format("%s-%s",module.ne
 }
 resource "aws_s3_bucket" "nexus_docker_hub_s3_bucket" {
- bucket = format("%s-%s",module.nexus_label.id, var.nexus_docker_hub_s3_bucket_name)
+ bucket = format("%s-%s",module.nexus_label.id, var.nexus_docker_hub_s3_bucket)
 acl = "private"
 force_destroy = var.force_destroy_s3_bucket
@@ -35,7 +35,7 @@ resource "aws_s3_bucket" "nexus_docker_hub_s3_bucket" {
 enabled = true
 }
- tags = merge(module.nexus_label.tags, {"Bucket-Name" = format("%s-%s",module.nexus_label.id, var.nexus_docker_hub_s3_bucket_name)})
+ tags = merge(module.nexus_label.tags, {"Bucket-Name" = format("%s-%s",module.nexus_label.id, var.nexus_docker_hub_s3_bucket)})
 }
 resource "aws_s3_bucket" "nexus_docker_private_s3_bucket" {
diff --git a/module/variables.tf b/module/variables.tf
index 4d9f96d..52671ae 100644
--- a/module/variables.tf
+++ b/module/variables.tf
@@ -80,7 +80,7 @@ variable "nexus_data_disk_size" {
 variable "nexus_data_device_name" {
 type = string
 description = "The name nexus data disk"
- default = "/dev/sdf"
+ default = "/dev/xvdb"
 }
 variable "nexus_data_directory" {
@@ -186,7 +186,7 @@ variable "nexus_docker_private_s3_bucket" {
 default = ""
 }
-variable "nexus_docker_hub_s3_bucket_name" {
+variable "nexus_docker_hub_s3_bucket" {
 type = string
 description = "Name of Nexus Docker Hub S3 bucket"
 default = ""
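Review bot: The new default `/dev/xvdb` for `nexus_data_device_name` disagrees with the README variable table in this same commit, whose unchanged context row still documents the default as `/dev/xvdi`, so one of the two files needs to change before an operator mounts the wrong device. On Nitro-based instance types the device name given to the attachment is not the name the guest sees (the volume appears as an NVMe device), so the description should say which of the two this variable denotes; `"The name nexus data disk"` could become `"Device name used when attaching the Nexus data EBS volume to the instance"`. The enclosing `variable` block is wholly inside the hunk.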