From 88ec9b3eafa699041c877b6eecb155c8d808a69e Mon Sep 17 00:00:00 2001
From: Garth Bushell <garth.bushell@oracle.com>
Date: Wed, 28 Mar 2018 18:24:53 +0100
Subject: [PATCH 1/2] Initial cut of moving all etcd stuff to a module

---
 bashsource.tf                                 |  55 -------
 datasources.tf                                |   5 -
 etcd-cluster/datasources.tf                   |   9 ++
 .../cloud_init/#bootstrap.template.sh#        | 106 +++++++++++++
 .../cloud_init/bootstrap.template.sh          |   0
 .../instance}/datasources.tf                  |   0
 .../etcd => etcd-cluster/instance}/main.tf    |   2 +-
 .../etcd => etcd-cluster/instance}/outputs.tf |   0
 .../instance}/variables.tf                    |   5 +-
 .../loadbalancer}/main.tf                     |   0
 .../loadbalancer}/outputs.tf                  |   0
 .../loadbalancer}/variables.tf                |   0
 etcd-cluster/main.tf                          | 148 ++++++++++++++++++
 etcd-cluster/output.tf                        |  23 +++
 etcd-cluster/variables.tf                     |  91 +++++++++++
 k8s-oci.tf                                    | 124 +++------------
 outputs.tf                                    |  17 +-
 17 files changed, 400 insertions(+), 185 deletions(-)
 create mode 100644 etcd-cluster/datasources.tf
 create mode 100644 etcd-cluster/instance/cloud_init/#bootstrap.template.sh#
 rename {instances/etcd => etcd-cluster/instance}/cloud_init/bootstrap.template.sh (100%)
 rename {instances/etcd => etcd-cluster/instance}/datasources.tf (100%)
 rename {instances/etcd => etcd-cluster/instance}/main.tf (96%)
 rename {instances/etcd => etcd-cluster/instance}/outputs.tf (100%)
 rename {instances/etcd => etcd-cluster/instance}/variables.tf (95%)
 rename {network/loadbalancers/etcd => etcd-cluster/loadbalancer}/main.tf (100%)
 rename {network/loadbalancers/etcd => etcd-cluster/loadbalancer}/outputs.tf (100%)
 rename {network/loadbalancers/etcd => etcd-cluster/loadbalancer}/variables.tf (100%)
 create mode 100644 etcd-cluster/main.tf
 create mode 100644 etcd-cluster/output.tf
 create mode 100644 etcd-cluster/variables.tf

diff --git a/bashsource.tf b/bashsource.tf
index 8a9c4b7..a4fcf64 100644
--- a/bashsource.tf
+++ b/bashsource.tf
@@ -4,61 +4,6 @@ resource null_resource "build_source" {
   }
 }
 
-resource null_resource "etcd-ad1" {
-  count = "${var.etcdAd1Count}"
-  depends_on = [
-    "module.instances-etcd-ad1",
-    "null_resource.build_source"
-  ] 
-  
-  triggers {
-    etcd_id = "${element(module.instances-etcd-ad1.ids, count.index)}"
-    build_source_id = "${null_resource.build_source.id}"
-  }
-  
-  provisioner "local-exec" {
-    command = "echo 'alias ${var.label_prefix}etcdad1-${count.index}=\"ssh -i ${path.root}/generated/instances_id_rsa opc@${element(module.instances-etcd-ad1.instance_public_ips, count.index)}\"' >> source.sh"
-  }
-}
-
-resource null_resource "etcd-ad2" {
-  count = "${var.etcdAd2Count}"
-  depends_on = [
-    "module.instances-etcd-ad2",
-    "null_resource.build_source"
-  ] 
-
-  triggers {
-    etcd_id = "${element(module.instances-etcd-ad2.ids, count.index)}"
-    build_source_id = "${null_resource.build_source.id}"
-  }
-
-  provisioner "local-exec" {
-    command = "echo 'alias ${var.label_prefix}etcdad2-${count.index}=\"ssh -i ${path.root}/generated/instances_id_rsa opc@${element(module.instances-etcd-ad2.instance_public_ips, count.index)}\"' >> source.sh"
-  }
-}
-
-
-resource null_resource "etcd-ad3" {
-  count = "${var.etcdAd3Count}"
-  depends_on = [
-    "module.instances-etcd-ad3",
-  ] 
-
-  triggers {
-    etcd_id = "${element(module.instances-etcd-ad3.ids, count.index)}"
-    build_source_id = "${null_resource.build_source.id}"    
-  }
-
-  provisioner "local-exec" {
-    command = "echo 'alias ${var.label_prefix}etcad3-${count.index}=\"ssh -i ${path.root}/generated/instances_id_rsa opc@${element(module.instances-etcd-ad3.instance_public_ips, count.index)}\"' >> source.sh"
-  }
-}
-
-
-
-
-
 resource null_resource "k8smaster-ad1" {
   count = "${var.k8sMasterAd1Count}"
   depends_on = [
diff --git a/datasources.tf b/datasources.tf
index 75b1db1..5f949fb 100644
--- a/datasources.tf
+++ b/datasources.tf
@@ -2,8 +2,3 @@ data "oci_identity_availability_domains" "ADs" {
   compartment_id = "${var.tenancy_ocid}"
 }
 
-resource "template_file" "etcd_discovery_url" {
-  provisioner "local-exec" {
-    command = "[ -d ${path.root}/generated ] || mkdir -p ${path.root}/generated && curl --retry 3 https://discovery.etcd.io/new?size=${var.etcdAd1Count + var.etcdAd2Count + var.etcdAd3Count} > ${path.root}/generated/discovery${self.id}"
-  }
-}
diff --git a/etcd-cluster/datasources.tf b/etcd-cluster/datasources.tf
new file mode 100644
index 0000000..75b1db1
--- /dev/null
+++ b/etcd-cluster/datasources.tf
@@ -0,0 +1,9 @@
+data "oci_identity_availability_domains" "ADs" {
+  compartment_id = "${var.tenancy_ocid}"
+}
+
+resource "template_file" "etcd_discovery_url" {
+  provisioner "local-exec" {
+    command = "[ -d ${path.root}/generated ] || mkdir -p ${path.root}/generated && curl --retry 3 https://discovery.etcd.io/new?size=${var.etcdAd1Count + var.etcdAd2Count + var.etcdAd3Count} > ${path.root}/generated/discovery${self.id}"
+  }
+}
diff --git a/etcd-cluster/instance/cloud_init/#bootstrap.template.sh# b/etcd-cluster/instance/cloud_init/#bootstrap.template.sh#
new file mode 100644
index 0000000..38ab78f
--- /dev/null
+++ b/etcd-cluster/instance/cloud_init/#bootstrap.template.sh#
@@ -0,0 +1,106 @@
+#!/bin/bash -x
+
+# Turn off SELinux
+sudo sed -i  s/SELINUX=enforcing/SELINUX=permissive/ /etc/selinux/config
+setenforce 0
+
+# Set working dir
+cd /home/opc
+
+# enable ol7 addons
+yum-config-manager --disable ol7_UEKR3
+yum-config-manager --enable ol7_addons ol7_latest ol7_UEKR4 ol7_optional ol7_optional_latest
+
+
+
+# Install Docker
+until yum -y install docker-engine-${docker_ver}; do sleep 1 && echo -n "."; done
+
+cat <<EOF > /etc/sysconfig/docker
+OPTIONS="--selinux-enabled --log-opt max-size=${docker_max_log_size} --log-opt max-file=${docker_max_log_files}"
+DOCKER_CERT_PATH=/etc/docker
+GOTRACEBACK=crash
+EOF
+
+# Start Docker
+systemctl daemon-reload
+systemctl enable docker
+systemctl restart docker
+
+docker info
+
+###################
+# Drop firewall rules
+iptables -F
+
+###################
+# etcd
+
+# Get IP Address of self
+IP_LOCAL=$(ip route show to 0.0.0.0/0 | awk '{ print $5 }' | xargs ip addr show | grep -Po 'inet \K[\d.]+')
+SUBNET=$(getent hosts $IP_LOCAL | awk '{print $2}' | cut -d. -f2)
+
+HOSTNAME=$(hostname)
+FQDN_HOSTNAME="$(getent hosts $IP_LOCAL | awk '{print $2}')"
+
+## Login iSCSI volume mount and create filesystem at /etcd
+######################################
+iqn=$(iscsiadm --mode discoverydb --type sendtargets --portal 169.254.2.2:3260 --discover| cut -f2 -d" ")
+
+if [ -n "$${iqn}" ]; then
+    echo "iSCSI Login $${iqn}"
+    iscsiadm -m node -o new -T $${iqn} -p 169.254.2.2:3260
+    iscsiadm -m node -o update -T $${iqn} -n node.startup -v automatic
+    iscsiadm -m node -T $${iqn} -p 169.254.2.2:3260 -l
+    # Wait for device to apear...
+    until [[ -e "/dev/disk/by-path/ip-169.254.2.2:3260-iscsi-$${iqn}-lun-1" ]]; do sleep 1 && echo -n "."; done
+    # If the volume has been created and formatted before but it's just a new instance this may fail
+    # but if so ignore and carry on.
+    mkfs -t xfs "/dev/disk/by-path/ip-169.254.2.2:3260-iscsi-$${iqn}-lun-1";
+    echo "$$(readlink -f /dev/disk/by-path/ip-169.254.2.2:3260-iscsi-$${iqn}-lun-1) /etcd xfs defaults,noatime,_netdev 0 2" >> /etc/fstab
+    mkdir -p  /etcd
+    mount -t xfs "/dev/disk/by-path/ip-169.254.2.2:3260-iscsi-$${iqn}-lun-1"  /etcd
+fi
+
+docker run -d \
+        --restart=always \
+	-p 2380:2380 -p 2379:2379 \
+	-v /etc/ssl/certs/ca-bundle.crt:/etc/ssl/certs/ca-bundle.crt \
+	-v /etcd:/$HOSTNAME.etcd \
+	--net=host \
+	quay.io/coreos/etcd:${etcd_ver} \
+	/usr/local/bin/etcd \
+	-name $HOSTNAME \
+	-advertise-client-urls http://$IP_LOCAL:2379 \
+	-listen-client-urls http://$IP_LOCAL:2379,http://127.0.0.1:2379 \
+	-listen-peer-urls http://0.0.0.0:2380 \
+	-discovery ${etcd_discovery_url}
+
+# Generate a flannel configuration JSON that we will store into etcd using curl.
+cat >/tmp/flannel-network.json <<EOF
+{
+  "Network": "${flannel_network_cidr}",
+  "Subnetlen": ${flannel_network_subnetlen},
+  "Backend": {
+    "Type": "${flannel_backend}",
+    "VNI" : 1
+  }
+}
+EOF
+
+# wait for etcd to become active
+while ! curl -sf -o /dev/null http://$FQDN_HOSTNAME:2379/v2/keys/; do
+	sleep 1
+	echo "Try again"
+done
+
+# put the flannel config in etcd
+curl -sf -L http://$FQDN_HOSTNAME:2379/v2/keys/flannel/network/config -X PUT --data-urlencode value@/tmp/flannel-network.json
+
+# Download etcdctl client etcd_ver
+while ! curl -L https://github.com/coreos/etcd/releases/download/${etcd_ver}/etcd-${etcd_ver}-linux-amd64.tar.gz -o /tmp/etcd-${etcd_ver}-linux-amd64.tar.gz; do
+	sleep 1
+	((secs++)) && ((secs==10)) && break
+	echo "Try again"
+done
+tar zxf /tmp/etcd-${etcd_ver}-linux-amd64.tar.gz -C /tmp/ && cp /tmp/etcd-${etcd_ver}-linux-amd64/etcd* /usr/local/bin/
diff --git a/instances/etcd/cloud_init/bootstrap.template.sh b/etcd-cluster/instance/cloud_init/bootstrap.template.sh
similarity index 100%
rename from instances/etcd/cloud_init/bootstrap.template.sh
rename to etcd-cluster/instance/cloud_init/bootstrap.template.sh
diff --git a/instances/etcd/datasources.tf b/etcd-cluster/instance/datasources.tf
similarity index 100%
rename from instances/etcd/datasources.tf
rename to etcd-cluster/instance/datasources.tf
diff --git a/instances/etcd/main.tf b/etcd-cluster/instance/main.tf
similarity index 96%
rename from instances/etcd/main.tf
rename to etcd-cluster/instance/main.tf
index cfe5ddd..fa8b058 100644
--- a/instances/etcd/main.tf
+++ b/etcd-cluster/instance/main.tf
@@ -16,7 +16,7 @@ resource "oci_core_instance" "TFInstanceEtcd" {
     display_name      = "${var.label_prefix}${var.display_name_prefix}-${count.index}"
     hostname_label    = "${var.hostname_label_prefix}-${count.index}"
     assign_public_ip  = "${(var.control_plane_subnet_access == "private") ? "false" : "true"}"
-    private_ip        = "${var.assign_private_ip == "true" ? cidrhost(lookup(var.network_cidrs,var.subnet_name), count.index+2) : ""}"
+    private_ip        = "${var.assign_private_ip == "true" ? cidrhost(var.subnet_cidr, count.index+2) : ""}"
   },
 
   extended_metadata {
diff --git a/instances/etcd/outputs.tf b/etcd-cluster/instance/outputs.tf
similarity index 100%
rename from instances/etcd/outputs.tf
rename to etcd-cluster/instance/outputs.tf
diff --git a/instances/etcd/variables.tf b/etcd-cluster/instance/variables.tf
similarity index 95%
rename from instances/etcd/variables.tf
rename to etcd-cluster/instance/variables.tf
index 0298ec3..c4f1324 100644
--- a/instances/etcd/variables.tf
+++ b/etcd-cluster/instance/variables.tf
@@ -1,6 +1,3 @@
-variable "network_cidrs" {
-  type = "map"
-}
 variable "availability_domain" {}
 variable "compartment_ocid" {}
 variable "display_name_prefix" {}
@@ -11,7 +8,7 @@ variable "shape" {
 }
 
 variable "subnet_id" {}
-variable "subnet_name" {}
+variable "subnet_cidr" {}
 variable "ssh_public_key_openssh" {}
 variable "domain_name" {}
 
diff --git a/network/loadbalancers/etcd/main.tf b/etcd-cluster/loadbalancer/main.tf
similarity index 100%
rename from network/loadbalancers/etcd/main.tf
rename to etcd-cluster/loadbalancer/main.tf
diff --git a/network/loadbalancers/etcd/outputs.tf b/etcd-cluster/loadbalancer/outputs.tf
similarity index 100%
rename from network/loadbalancers/etcd/outputs.tf
rename to etcd-cluster/loadbalancer/outputs.tf
diff --git a/network/loadbalancers/etcd/variables.tf b/etcd-cluster/loadbalancer/variables.tf
similarity index 100%
rename from network/loadbalancers/etcd/variables.tf
rename to etcd-cluster/loadbalancer/variables.tf
diff --git a/etcd-cluster/main.tf b/etcd-cluster/main.tf
new file mode 100644
index 0000000..ab5c646
--- /dev/null
+++ b/etcd-cluster/main.tf
@@ -0,0 +1,148 @@
+
+
+module "etcd-lb" {
+  source           = "./loadbalancer"
+  etcd_lb_enabled  = "${var.etcd_lb_enabled}"
+  compartment_ocid = "${var.compartment_ocid}"
+  is_private       = "${var.etcd_lb_access == "private" ? "true": "false"}"
+
+  # Handle case where var.etcd_lb_access=public, but var.control_plane_subnet_access=private
+  # etcd_subnet_0_id = "${var.subnet_ad1_id}"
+  # etcd_subnet_1_id = "${var.subnet_ad2_id}"
+  # FIXME add LB subnet??
+  # For public access???
+  # Crazy talk...
+  etcd_subnet_0_id     = "${var.subnet_ad1_id}"
+  etcd_subnet_1_id     = "" # ${var.subnet_ad2_id}"
+  etcd_ad1_private_ips = "${module.instances-etcd-ad1.private_ips}"
+  etcd_ad2_private_ips = "${module.instances-etcd-ad2.private_ips}"
+  etcd_ad3_private_ips = "${module.instances-etcd-ad3.private_ips}"
+  etcdAd1Count         = "${var.etcdAd1Count}"
+  etcdAd2Count         = "${var.etcdAd2Count}"
+  etcdAd3Count         = "${var.etcdAd3Count}"
+  label_prefix         = "${var.label_prefix}"
+  shape                = "${var.etcdLBShape}"
+}
+
+
+module "instances-etcd-ad1" {
+  source                      = "./instance"
+  count                       = "${var.etcdAd1Count}"
+  
+  availability_domain         = "${lookup(data.oci_identity_availability_domains.ADs.availability_domains[0],"name")}"
+  # Provider
+  compartment_ocid            = "${var.compartment_ocid}"
+  tenancy_ocid                = "${var.compartment_ocid}"
+
+  # Instancey??
+  display_name_prefix         = "etcd-ad1"
+  hostname_label_prefix       = "etcd-ad1"
+  label_prefix                = "${var.label_prefix}"
+  etcd_discovery_url          = "${template_file.etcd_discovery_url.id}"
+  oracle_linux_image_name     = "${var.etcd_ol_image_name}"
+  shape                       = "${var.etcdShape}"
+  ssh_public_key_openssh      = "${var.ssh_public_key_openssh}"
+
+  # Network 
+  subnet_id                   = "${var.subnet_ad1_id}"
+  subnet_cidr                 = "10.0.20.0/24"
+  domain_name                 = "${var.domain_name}"
+  assign_private_ip           = "${var.etcd_maintain_private_ip == "true" ? "true": "false"}"
+  control_plane_subnet_access = "${var.control_plane_subnet_access}"
+  
+  # Network Overlay
+  flannel_backend             = "${var.flannel_config["backend"]}"
+  flannel_network_cidr        = "${var.flannel_config["network_cidr"]}"
+  flannel_network_subnetlen   = "${var.flannel_config["network_subnetlen"]}"
+  
+  # Docker
+  etcd_docker_max_log_size    = "${var.docker_config["max_log_size"]}"
+  etcd_docker_max_log_files   = "${var.docker_config["max_log_files"]}"
+
+  # volume
+  etcd_iscsi_volume_create    = "${var.iscsi_volume_config["create"]}"
+  etcd_iscsi_volume_size      = "${var.iscsi_volume_config["size"]}"
+}
+
+
+module "instances-etcd-ad2" {
+  source                      = "./instance"
+  count                       = "${var.etcdAd2Count}"
+  
+  availability_domain         = "${lookup(data.oci_identity_availability_domains.ADs.availability_domains[1],"name")}"
+  # Provider
+  compartment_ocid            = "${var.compartment_ocid}"
+  tenancy_ocid                = "${var.compartment_ocid}"
+
+  # Instancey??
+  display_name_prefix         = "etcd-ad2"
+  hostname_label_prefix       = "etcd-ad2"
+  label_prefix                = "${var.label_prefix}"
+  etcd_discovery_url          = "${template_file.etcd_discovery_url.id}"
+  oracle_linux_image_name     = "${var.etcd_ol_image_name}"
+  shape                       = "${var.etcdShape}"
+  ssh_public_key_openssh      = "${var.ssh_public_key_openssh}"
+
+  # Network 
+  subnet_id                   = "${var.subnet_ad2_id}"
+  #FIXME
+  subnet_cidr                 = "10.0.21.0/24"
+  domain_name                 = "${var.domain_name}"
+  assign_private_ip           = "${var.etcd_maintain_private_ip == "true" ? "true": "false"}"
+  control_plane_subnet_access = "${var.control_plane_subnet_access}"
+  
+  # Network Overlay
+  flannel_backend             = "${var.flannel_config["backend"]}"
+  flannel_network_cidr        = "${var.flannel_config["network_cidr"]}"
+  flannel_network_subnetlen   = "${var.flannel_config["network_subnetlen"]}"
+  
+  # Docker
+  etcd_docker_max_log_size    = "${var.docker_config["max_log_size"]}"
+  etcd_docker_max_log_files   = "${var.docker_config["max_log_files"]}"
+
+  # volume
+  etcd_iscsi_volume_create    = "${var.iscsi_volume_config["create"]}"
+  etcd_iscsi_volume_size      = "${var.iscsi_volume_config["size"]}"
+}
+
+
+module "instances-etcd-ad3" {
+  source                      = "./instance"
+  count                       = "${var.etcdAd3Count}"
+  
+  availability_domain         = "${lookup(data.oci_identity_availability_domains.ADs.availability_domains[2],"name")}"
+  # Provider
+  compartment_ocid            = "${var.compartment_ocid}"
+  tenancy_ocid                = "${var.compartment_ocid}"
+
+  # Instancey??
+  display_name_prefix         = "etcd-ad3"
+  hostname_label_prefix       = "etcd-ad3"
+  label_prefix                = "${var.label_prefix}"
+  etcd_discovery_url          = "${template_file.etcd_discovery_url.id}"
+  oracle_linux_image_name     = "${var.etcd_ol_image_name}"
+  shape                       = "${var.etcdShape}"
+  ssh_public_key_openssh      = "${var.ssh_public_key_openssh}"
+
+  # Network 
+  subnet_id                   = "${var.subnet_ad3_id}"
+  #FIXME
+  subnet_cidr                 = "10.0.22.0/24"
+  domain_name                 = "${var.domain_name}"
+  assign_private_ip           = "${var.etcd_maintain_private_ip == "true" ? "true": "false"}"
+  control_plane_subnet_access = "${var.control_plane_subnet_access}"
+  
+  # Network Overlay
+  flannel_backend             = "${var.flannel_config["backend"]}"
+  flannel_network_cidr        = "${var.flannel_config["network_cidr"]}"
+  flannel_network_subnetlen   = "${var.flannel_config["network_subnetlen"]}"
+  
+  # Docker
+  etcd_docker_max_log_size    = "${var.docker_config["max_log_size"]}"
+  etcd_docker_max_log_files   = "${var.docker_config["max_log_files"]}"
+
+  # volume
+  etcd_iscsi_volume_create    = "${var.iscsi_volume_config["create"]}"
+  etcd_iscsi_volume_size      = "${var.iscsi_volume_config["size"]}"
+}
+
diff --git a/etcd-cluster/output.tf b/etcd-cluster/output.tf
new file mode 100644
index 0000000..fc45ce9
--- /dev/null
+++ b/etcd-cluster/output.tf
@@ -0,0 +1,23 @@
+output "etcd_lb_ip" {
+  value = ["${module.etcd-lb.ip_addresses}"]
+}
+
+output "etcd_public_ips" {
+  value = "${compact(concat(module.instances-etcd-ad1.instance_public_ips,module.instances-etcd-ad2.instance_public_ips,module.instances-etcd-ad3.instance_public_ips))}"
+}
+
+output "etcd_private_ips" {
+  value = "${concat(module.instances-etcd-ad1.private_ips,module.instances-etcd-ad2.private_ips,module.instances-etcd-ad3.private_ips)}"
+}
+
+
+output "endpoints" {
+  value = "${var.etcd_lb_enabled == "true" ? 
+      join(",",formatlist("http://%s:2379", module.etcd-lb.ip_addresses)) :
+      join(",",formatlist("http://%s:2379", compact(concat(
+      module.instances-etcd-ad1.private_ips, 
+      module.instances-etcd-ad2.private_ips, 
+      module.instances-etcd-ad3.private_ips)))) }"
+}
+
+
diff --git a/etcd-cluster/variables.tf b/etcd-cluster/variables.tf
new file mode 100644
index 0000000..ff226e1
--- /dev/null
+++ b/etcd-cluster/variables.tf
@@ -0,0 +1,91 @@
+variable "compartment_ocid" {}
+variable "tenancy_ocid" {}
+
+
+variable "vcn" {}
+
+variable "subnet_ad1_id" {}
+variable "subnet_ad2_id" {}
+variable "subnet_ad3_id" {}
+
+variable "control_plane_subnet_access" {
+  description = "Whether instances in the control plane are launched in a public or private subnets"
+  default     = "public"
+}
+
+variable "domain_name" {}
+
+variable "etcd_ol_image_name" {
+  default = "Oracle-Linux-7.4-2018.01.20-0"
+}
+
+variable "label_prefix" {
+  description = "To create unique identifier for multiple clusters in a compartment."
+  type        = "string"
+  default     = ""
+}
+
+# Load Balancers
+variable "etcd_lb_enabled" {
+  description = "enable/disable the etcd load balancer. true: use the etcd load balancer ip. false:use a list of etcd instance ips."
+  default = "true"
+}
+
+variable "etcd_lb_access" {
+  description = "Whether etcd load balancer is launched in a public or private subnet"
+  default     = "private"
+}
+
+variable "etcdLBShape" {
+  default = "100Mbps"
+}
+
+variable "ssh_public_key_openssh" {
+  
+}
+
+variable "etcdShape" {
+  default = "VM.Standard1.1"
+}
+
+variable "docker_config"  {
+  type = "map"
+  default = {
+    max_log_size    = "50m"
+    max_log_files   = "5"
+  }
+}
+
+variable "flannel_config"  {
+  type = "map"
+  default = {
+    backend             = "VXLAN"
+    network_cidr        = "10.99.0.0/16"
+    network_subnetlen   = 24
+  }
+}
+
+variable "iscsi_volume_config"  {
+  type = "map"
+  default = {
+    create = false
+    size = 50
+  }
+}
+
+variable "etcdAd1Count" {
+  default = 1
+}
+
+variable "etcdAd2Count" {
+  default = 0
+}
+
+variable "etcdAd3Count" {
+  default = 0
+}
+
+variable "etcd_maintain_private_ip" {
+  default = "false"
+}
+
diff --git a/k8s-oci.tf b/k8s-oci.tf
index 4560e86..b871840 100644
--- a/k8s-oci.tf
+++ b/k8s-oci.tf
@@ -5,13 +5,6 @@ locals {
 
   reverse_proxy_clount_init = "${var.master_oci_lb_enabled == "true" ? "" : module.reverse-proxy.clount_init}"
   reverse_proxy_setup       = "${var.master_oci_lb_enabled == "true" ? "" : module.reverse-proxy.setup}"
-
-  etcd_endpoints = "${var.etcd_lb_enabled == "true" ?
-    join(",",formatlist("http://%s:2379", module.etcd-lb.ip_addresses)) :
-    join(",",formatlist("http://%s:2379", compact(concat(
-      module.instances-etcd-ad1.private_ips, 
-      module.instances-etcd-ad2.private_ips, 
-      module.instances-etcd-ad3.private_ips)))) }"
 }
 
 ### CA and Cluster Certificates
@@ -109,91 +102,30 @@ module "oci-volume-provisioner" {
 }
 
 ### Compute Instance(s)
+module "etcd-cluster" {
+  source = "./etcd-cluster"
 
-module "instances-etcd-ad1" {
-  source                      = "./instances/etcd"
-  count                       = "${var.etcdAd1Count}"
-  availability_domain         = "${lookup(data.oci_identity_availability_domains.ADs.availability_domains[0],"name")}"
-  compartment_ocid            = "${var.compartment_ocid}"
-  control_plane_subnet_access = "${var.control_plane_subnet_access}"
-  display_name_prefix         = "etcd-ad1"
-  domain_name                 = "${var.domain_name}"
-  etcd_discovery_url          = "${template_file.etcd_discovery_url.id}"
-  flannel_backend             = "${var.flannel_backend}"
-  flannel_network_cidr        = "10.99.0.0/16"
-  flannel_network_subnetlen   = 24
-  hostname_label_prefix       = "etcd-ad1"
-  oracle_linux_image_name     = "${var.etcd_ol_image_name}"
-  label_prefix                = "${var.label_prefix}"
-  shape                       = "${var.etcdShape}"
   ssh_public_key_openssh      = "${module.k8s-tls.ssh_public_key_openssh}"
-  network_cidrs               = "${var.network_cidrs}"
-  subnet_id                   = "${module.vcn.etcd_subnet_ad1_id}"
-  subnet_name                 = "etcdSubnetAD1"
-  tenancy_ocid                = "${var.compartment_ocid}"
-  etcd_docker_max_log_size    = "${var.etcd_docker_max_log_size}"
-  etcd_docker_max_log_files   = "${var.etcd_docker_max_log_files}"
-  etcd_iscsi_volume_create    = "${var.etcd_iscsi_volume_create}"
-  etcd_iscsi_volume_size      = "${var.etcd_iscsi_volume_size}"
-  assign_private_ip           = "${var.etcd_maintain_private_ip == "true" ? "true": "false"}"
-}
-
-module "instances-etcd-ad2" {
-  source                      = "./instances/etcd"
-  count                       = "${var.etcdAd2Count}"
-  availability_domain         = "${lookup(data.oci_identity_availability_domains.ADs.availability_domains[1],"name")}"
+  label_prefix                = "${var.label_prefix}"
+   
+  tenancy_ocid                = "${var.tenancy_ocid}"
   compartment_ocid            = "${var.compartment_ocid}"
-  control_plane_subnet_access = "${var.control_plane_subnet_access}"
-  display_name_prefix         = "etcd-ad2"
+  # Network
+  vcn                         = "${module.vcn.id}"
+  # Maybe a Map 
+  subnet_ad1_id               = "${module.vcn.etcd_subnet_ad1_id}"
+  subnet_ad2_id               = "${module.vcn.etcd_subnet_ad2_id}"
+  subnet_ad3_id               = "${module.vcn.etcd_subnet_ad3_id}"
   domain_name                 = "${var.domain_name}"
-  etcd_discovery_url          = "${template_file.etcd_discovery_url.id}"
-  flannel_backend             = "${var.flannel_backend}"
-  flannel_network_cidr        = "10.99.0.0/16"
-  flannel_network_subnetlen   = 24
-  hostname_label_prefix       = "etcd-ad2"
-  oracle_linux_image_name     = "${var.etcd_ol_image_name}"
-  label_prefix                = "${var.label_prefix}"
-  shape                       = "${var.etcdShape}"
-  ssh_public_key_openssh      = "${module.k8s-tls.ssh_public_key_openssh}"
-  network_cidrs               = "${var.network_cidrs}"
-  subnet_id                   = "${module.vcn.etcd_subnet_ad2_id}"
-  subnet_name                 = "etcdSubnetAD2"
-  tenancy_ocid                = "${var.compartment_ocid}"
-  etcd_docker_max_log_size    = "${var.etcd_docker_max_log_size}"
-  etcd_docker_max_log_files   = "${var.etcd_docker_max_log_files}"
-  etcd_iscsi_volume_create    = "${var.etcd_iscsi_volume_create}"
-  etcd_iscsi_volume_size      = "${var.etcd_iscsi_volume_size}"
-  assign_private_ip           = "${var.etcd_maintain_private_ip == "true" ? "true": "false"}"
-}
 
-module "instances-etcd-ad3" {
-  source                      = "./instances/etcd"
-  count                       = "${var.etcdAd3Count}"
-  availability_domain         = "${lookup(data.oci_identity_availability_domains.ADs.availability_domains[2],"name")}"
-  compartment_ocid            = "${var.compartment_ocid}"
+  etcdShape                   = "${etcdShape}"
+  etcdAd1Count                = "${var.etcdAd1Count}"
+  etcdAd2Count                = "${var.etcdAd2Count}"
+  etcdAd3Count                = "${var.etcdAd3Count}"
+
+  etcd_lb_enabled             = "${etcd_lb_enabled}" 
+
   control_plane_subnet_access = "${var.control_plane_subnet_access}"
-  display_name_prefix         = "etcd-ad3"
-  docker_ver                  = "${var.docker_ver}"
-  domain_name                 = "${var.domain_name}"
-  etcd_discovery_url          = "${template_file.etcd_discovery_url.id}"
-  etcd_ver                    = "${var.etcd_ver}"
-  flannel_backend             = "${var.flannel_backend}"
-  flannel_network_cidr        = "10.99.0.0/16"
-  flannel_network_subnetlen   = 24
-  hostname_label_prefix       = "etcd-ad3"
-  oracle_linux_image_name     = "${var.etcd_ol_image_name}"
-  label_prefix                = "${var.label_prefix}"
-  shape                       = "${var.etcdShape}"
-  ssh_public_key_openssh      = "${module.k8s-tls.ssh_public_key_openssh}"
-  network_cidrs               = "${var.network_cidrs}"
-  subnet_id                   = "${module.vcn.etcd_subnet_ad3_id}"
-  subnet_name                 = "etcdSubnetAD3"
-  tenancy_ocid                = "${var.compartment_ocid}"
-  etcd_docker_max_log_size    = "${var.etcd_docker_max_log_size}"
-  etcd_docker_max_log_files   = "${var.etcd_docker_max_log_files}"
-  etcd_iscsi_volume_create    = "${var.etcd_iscsi_volume_create}"
-  etcd_iscsi_volume_size      = "${var.etcd_iscsi_volume_size}"
-  assign_private_ip           = "${var.etcd_maintain_private_ip == "true" ? "true": "false"}"
 }
 
 module "instances-k8smaster-ad1" {
@@ -434,26 +366,6 @@ module "instances-k8sworker-ad3" {
 }
 
 ### Load Balancers
-
-module "etcd-lb" {
-  source           = "./network/loadbalancers/etcd"
-  etcd_lb_enabled  = "${var.etcd_lb_enabled}"
-  compartment_ocid = "${var.compartment_ocid}"
-  is_private       = "${var.etcd_lb_access == "private" ? "true": "false"}"
-
-  # Handle case where var.etcd_lb_access=public, but var.control_plane_subnet_access=private
-  etcd_subnet_0_id     = "${var.etcd_lb_access == "private" ? module.vcn.etcd_subnet_ad1_id: coalesce(join(" ", module.vcn.public_subnet_ad1_id), join(" ", list(module.vcn.etcd_subnet_ad1_id)))}"
-  etcd_subnet_1_id     = "${var.etcd_lb_access == "private" ? "": coalesce(join(" ", module.vcn.public_subnet_ad2_id), join(" ", list(module.vcn.etcd_subnet_ad2_id)))}"
-  etcd_ad1_private_ips = "${module.instances-etcd-ad1.private_ips}"
-  etcd_ad2_private_ips = "${module.instances-etcd-ad2.private_ips}"
-  etcd_ad3_private_ips = "${module.instances-etcd-ad3.private_ips}"
-  etcdAd1Count         = "${var.etcdAd1Count}"
-  etcdAd2Count         = "${var.etcdAd2Count}"
-  etcdAd3Count         = "${var.etcdAd3Count}"
-  label_prefix         = "${var.label_prefix}"
-  shape                = "${var.etcdLBShape}"
-}
-
 module "k8smaster-public-lb" {
   source                = "./network/loadbalancers/k8smaster"
   master_oci_lb_enabled = "${var.master_oci_lb_enabled}"
diff --git a/outputs.tf b/outputs.tf
index 87baaea..921c000 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -14,17 +14,6 @@ output "master_lb_backendset_name" {
   value = "${module.k8smaster-public-lb.backendset_name}"
 }
 
-output "etcd_lb_id" {
-  value = "${module.etcd-lb.load_balancer_id}"
-}
-
-output "etcd_lb_backendset_2379_name" {
-  value = "${module.etcd-lb.backendset_2379_name}"
-}
-
-output "etcd_lb_backendset_2380_name" {
-  value = "${module.etcd-lb.backendset_2380_name}"
-}
 
 output "vcn_id" {
   value = "${module.vcn.id}"
@@ -114,15 +103,15 @@ output "ssh_public_key_openssh" {
 }
 
 output "etcd_lb_ip" {
-  value = ["${module.etcd-lb.ip_addresses}"]
+  value = ["${module.etcd-cluster.ip_addresses}"]
 }
 
 output "etcd_public_ips" {
-  value = "${compact(concat(module.instances-etcd-ad1.instance_public_ips,module.instances-etcd-ad2.instance_public_ips,module.instances-etcd-ad3.instance_public_ips))}"
+  value = "${module.etcd-cluster.etcd_public_ips}"
 }
 
 output "etcd_private_ips" {
-  value = "${concat(module.instances-etcd-ad1.private_ips,module.instances-etcd-ad2.private_ips,module.instances-etcd-ad3.private_ips)}"
+  value = "${module.etcd-cluster.etcd_private_ips}"
 }
 
 output "master_lb_ip" {

From d4d0ffbabce5030cdf6727319977ab5a5003ca45 Mon Sep 17 00:00:00 2001
From: Garth Bushell <garth.bushell@oracle.com>
Date: Wed, 28 Mar 2018 18:26:21 +0100
Subject: [PATCH 2/2] Remove emacsy file

---
 .../cloud_init/#bootstrap.template.sh#        | 106 ------------------
 1 file changed, 106 deletions(-)
 delete mode 100644 etcd-cluster/instance/cloud_init/#bootstrap.template.sh#

diff --git a/etcd-cluster/instance/cloud_init/#bootstrap.template.sh# b/etcd-cluster/instance/cloud_init/#bootstrap.template.sh#
deleted file mode 100644
index 38ab78f..0000000
--- a/etcd-cluster/instance/cloud_init/#bootstrap.template.sh#
+++ /dev/null
@@ -1,106 +0,0 @@
-#!/bin/bash -x
-
-# Turn off SELinux
-sudo sed -i  s/SELINUX=enforcing/SELINUX=permissive/ /etc/selinux/config
-setenforce 0
-
-# Set working dir
-cd /home/opc
-
-# enable ol7 addons
-yum-config-manager --disable ol7_UEKR3
-yum-config-manager --enable ol7_addons ol7_latest ol7_UEKR4 ol7_optional ol7_optional_latest
-
-
-
-# Install Docker
-until yum -y install docker-engine-${docker_ver}; do sleep 1 && echo -n "."; done
-
-cat <<EOF > /etc/sysconfig/docker
-OPTIONS="--selinux-enabled --log-opt max-size=${docker_max_log_size} --log-opt max-file=${docker_max_log_files}"
-DOCKER_CERT_PATH=/etc/docker
-GOTRACEBACK=crash
-EOF
-
-# Start Docker
-systemctl daemon-reload
-systemctl enable docker
-systemctl restart docker
-
-docker info
-
-###################
-# Drop firewall rules
-iptables -F
-
-###################
-# etcd
-
-# Get IP Address of self
-IP_LOCAL=$(ip route show to 0.0.0.0/0 | awk '{ print $5 }' | xargs ip addr show | grep -Po 'inet \K[\d.]+')
-SUBNET=$(getent hosts $IP_LOCAL | awk '{print $2}' | cut -d. -f2)
-
-HOSTNAME=$(hostname)
-FQDN_HOSTNAME="$(getent hosts $IP_LOCAL | awk '{print $2}')"
-
-## Login iSCSI volume mount and create filesystem at /etcd
-######################################
-iqn=$(iscsiadm --mode discoverydb --type sendtargets --portal 169.254.2.2:3260 --discover| cut -f2 -d" ")
-
-if [ -n "$${iqn}" ]; then
-    echo "iSCSI Login $${iqn}"
-    iscsiadm -m node -o new -T $${iqn} -p 169.254.2.2:3260
-    iscsiadm -m node -o update -T $${iqn} -n node.startup -v automatic
-    iscsiadm -m node -T $${iqn} -p 169.254.2.2:3260 -l
-    # Wait for device to apear...
-    until [[ -e "/dev/disk/by-path/ip-169.254.2.2:3260-iscsi-$${iqn}-lun-1" ]]; do sleep 1 && echo -n "."; done
-    # If the volume has been created and formatted before but it's just a new instance this may fail
-    # but if so ignore and carry on.
-    mkfs -t xfs "/dev/disk/by-path/ip-169.254.2.2:3260-iscsi-$${iqn}-lun-1";
-    echo "$$(readlink -f /dev/disk/by-path/ip-169.254.2.2:3260-iscsi-$${iqn}-lun-1) /etcd xfs defaults,noatime,_netdev 0 2" >> /etc/fstab
-    mkdir -p  /etcd
-    mount -t xfs "/dev/disk/by-path/ip-169.254.2.2:3260-iscsi-$${iqn}-lun-1"  /etcd
-fi
-
-docker run -d \
-        --restart=always \
-	-p 2380:2380 -p 2379:2379 \
-	-v /etc/ssl/certs/ca-bundle.crt:/etc/ssl/certs/ca-bundle.crt \
-	-v /etcd:/$HOSTNAME.etcd \
-	--net=host \
-	quay.io/coreos/etcd:${etcd_ver} \
-	/usr/local/bin/etcd \
-	-name $HOSTNAME \
-	-advertise-client-urls http://$IP_LOCAL:2379 \
-	-listen-client-urls http://$IP_LOCAL:2379,http://127.0.0.1:2379 \
-	-listen-peer-urls http://0.0.0.0:2380 \
-	-discovery ${etcd_discovery_url}
-
-# Generate a flannel configuration JSON that we will store into etcd using curl.
-cat >/tmp/flannel-network.json <<EOF
-{
-  "Network": "${flannel_network_cidr}",
-  "Subnetlen": ${flannel_network_subnetlen},
-  "Backend": {
-    "Type": "${flannel_backend}",
-    "VNI" : 1
-  }
-}
-EOF
-
-# wait for etcd to become active
-while ! curl -sf -o /dev/null http://$FQDN_HOSTNAME:2379/v2/keys/; do
-	sleep 1
-	echo "Try again"
-done
-
-# put the flannel config in etcd
-curl -sf -L http://$FQDN_HOSTNAME:2379/v2/keys/flannel/network/config -X PUT --data-urlencode value@/tmp/flannel-network.json
-
-# Download etcdctl client etcd_ver
-while ! curl -L https://github.com/coreos/etcd/releases/download/${etcd_ver}/etcd-${etcd_ver}-linux-amd64.tar.gz -o /tmp/etcd-${etcd_ver}-linux-amd64.tar.gz; do
-	sleep 1
-	((secs++)) && ((secs==10)) && break
-	echo "Try again"
-done
-tar zxf /tmp/etcd-${etcd_ver}-linux-amd64.tar.gz -C /tmp/ && cp /tmp/etcd-${etcd_ver}-linux-amd64/etcd* /usr/local/bin/