infra

Apollo-XIV · Feb 26, 2024 · dbb6d68 · dbb6d68
1 parent 634658a
commit dbb6d68
Show file tree

Hide file tree

Showing 12 changed files with 1,281 additions and 72 deletions.
diff --git a/infra/modules/cluster/ec2.tf b/infra/modules/cluster/ec2.tf
@@ -32,7 +32,7 @@ resource "aws_instance" "bootstrap" {
 }
 
 resource "aws_instance" "workers" {
-  count         = 2
+  count         = 0
   ami           = data.aws_ami.aws_linux.id
   instance_type = "t3.micro"
 

diff --git a/infra/modules/cluster/install-docker.sh b/infra/modules/cluster/install-docker.sh
@@ -1,5 +1,8 @@
 #!/usr/bin/env bash
 sudo yum update -y
-sudo yum install -y docker python3
-sudo service docker start
+sudo yum install -y docker python3 pip
+sudo yum remove -y python-requests aws-cli
+sudo service docker start	
 sudo usermod -aG docker ec2-user
+pip uninstall awscli
+pip install docker
diff --git a/infra/modules/cluster/inv_template.tpl b/infra/modules/cluster/inv_template.tpl
@@ -1,22 +1,19 @@
-
-all:
-  children:
-    managers:
-      hosts:
+---
+managers:
+  hosts:
   %{~ for ec2_name, address in managers ~}
-        ${ec2_name}:
-          ansible_host: ${address}
-  %{ endfor }
-      vars:
-        ansible_user: ec2-user
-        ansible_ssh_private_key_file: ../modules/cluster/node_key
-    workers:
-      hosts:
-  %{~ for ec2_name, address in workers~}
-        ${ec2_name}:
-          ansible_host: ${address}
+    ${ec2_name}:
+      ansible_host: ${address}
   %{~ endfor ~}
-      vars:
-        ansible_user: ec2-user
-        ansible_ssh_private_key_file: ../modules/cluster/node_key
-
+  vars:
+    ansible_user: ec2-user
+    ansible_ssh_private_key_file: ../modules/cluster/node_key
+workers:
+  hosts:
+  %{~ for ec2_name, address in workers ~}
+    ${ec2_name}:
+      ansible_host: ${address}
+  %{~ endfor ~}
+  vars:
+    ansible_user: ec2-user
+    ansible_ssh_private_key_file: ../modules/cluster/node_key
diff --git a/infra/modules/cluster/load_balancer.tf b/infra/modules/cluster/load_balancer.tf
@@ -0,0 +1,61 @@
+resource "aws_lb" "main" {
+  name               = "cluster-lb"
+  internal           = false
+  load_balancer_type = "application"
+  security_groups    = [aws_security_group.lb.id]
+  subnets            = toset(var.subnet_ids.public[*])
+}
+
+resource "aws_lb_listener" "http" {
+  count             = var.environment == "dev" ? 1 : 0
+  load_balancer_arn = aws_lb.main.arn
+  port              = 80
+  protocol          = "HTTP"
+
+  default_action {
+    type             = "forward"
+    target_group_arn = aws_lb_target_group.public.arn
+  }
+}
+
+resource "aws_lb_listener" "http_redirect" {
+  count             = var.environment == "dev" ? 0 : 1
+  load_balancer_arn = aws_lb.main.arn
+  port              = 80
+  protocol          = "HTTP"
+
+  default_action {
+    type = "redirect"
+    redirect {
+      port        = "443"
+      protocol    = "HTTPS"
+      status_code = "HTTP_301"
+    }
+  }
+}
+
+resource "aws_lb_target_group" "public" {
+  name        = "${var.service}-${var.environment}-public"
+  port        = 80
+  protocol    = "HTTP"
+  vpc_id      = var.vpc_id
+  target_type = "ip"
+
+  health_check {
+    protocol = "HTTP"
+    path     = "/"
+    matcher  = "200-299"
+  }
+}
+
+resource "aws_lb_target_group_attachment" "all" {
+  for_each         = toset(local.targets)
+  target_group_arn = aws_lb_target_group.public.arn
+  target_id        = each.key
+  port             = 80
+}
+
+locals {
+  targets = flatten([aws_instance.bootstrap[*].id, aws_instance.workers[*].id, aws_instance.managers[*].id])
+
+}
diff --git a/infra/modules/cluster/sec_grp.tf b/infra/modules/cluster/sec_grp.tf
@@ -1,6 +1,6 @@
 resource "aws_security_group" "node" {
   name        = "cluster-node-security-group"
-  description = "security group for lambda efs put function"
+  description = "security group for cluster nodes"
   vpc_id      = var.vpc_id
 
   ingress {
@@ -21,3 +21,27 @@ resource "aws_security_group" "node" {
     Name = "${var.service}-${var.environment}-node-grp"
   }
 }
+
+resource "aws_security_group" "lb" {
+  name        = "cluster-lb-security-group"
+  description = "security group for cluster load balancer"
+  vpc_id      = var.vpc_id
+
+  ingress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  egress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  tags = {
+    Name = "${var.service}-${var.environment}-lb-grp"
+  }
+}
diff --git a/infra/modules/db/postgres.tf b/infra/modules/db/postgres.tf
@@ -0,0 +1,9 @@
+
+resource "aws_db_instance" "default" {
+  allocated_storage           = 5
+  db_name                     = "forum"
+  engine                      = "postgresql"
+  instance_class              = "db.t3.micro"
+  username                    = "backend"
+  manage_master_user_password = true
+}
diff --git a/infra/playbooks/host.yml b/infra/playbooks/host.yml
@@ -0,0 +1,20 @@
+---
+- name: Configure Host
+  hosts: all
+  become: true
+  tasks:
+    - name: install dependencies
+      yum:
+        name: "{{ item }}"
+        update_cache: yes
+      loop:
+        - vim
+        - python3
+        - pip
+    - name: install ansible-docker deps
+      shell: /usr/bin/pip install docker
+    - name: start docker service
+      service:
+        enabled: true
+        name: docker
+        state: started    
diff --git a/infra/playbooks/requirements.yml b/infra/playbooks/requirements.yml
@@ -2,4 +2,5 @@ collections:
   - name: https://github.com/ansible-collections/cloud.terraform.git
     type: git
     version: main
+  - name: community.docker
 
diff --git a/infra/playbooks/service.yml b/infra/playbooks/service.yml
@@ -1,34 +1,37 @@
+---
 - name: Docker Service
   hosts: managers[0]
-  community.docker.docker_swarm_service:
-  name: nginx
-  image: nginx
-  replicas: 1
-  resolve_image: true # update based on digest (i.e even if latest)
-  publish:
-    mode: host
-    published_port: 80
-    target_port: 80
-  healthcheck:
-    # Check if nginx server is healthy by curl'ing the server.
-    # If this fails or timeouts, the healthcheck fails.
-    test: ["CMD", "curl", "--fail", "http://nginx.host.com"]
-    interval: 1m30s
-    timeout: 10s
-    retries: 3
-    start_period: 30s
-  update_config:
-    parallelism: 2
-    delay: 10s
-    order: stop-first
-    failure_action: rollback
-  rollback_config:
-    parallelism: 2
-    delay: 10s
-    order: stop-first
-  reservations:
-    cpus: 0.25
-    memory: 20M
-  limits:
-    cpus: 0.50
-    memory: 50M
+  tasks:
+    - name: Docker Swarm Service
+      community.docker.docker_swarm_service:
+        name: nginx
+        image: nginx
+        replicas: 1
+        resolve_image: true # update based on digest (i.e even if latest)
+        publish:
+          - mode: host
+            published_port: 80
+            target_port: 80
+        healthcheck:
+          # Check if nginx server is healthy by curl'ing the server.
+          # If this fails or timeouts, the healthcheck fails.
+          test: ["CMD", "curl", "--fail", "http://nginx.host.com"]
+          interval: 1m30s
+          timeout: 10s
+          retries: 3
+          start_period: 30s
+        update_config:
+          parallelism: 2
+          delay: 10s
+          order: stop-first
+          failure_action: rollback
+        rollback_config:
+          parallelism: 2
+          delay: 10s
+          order: stop-first
+        reservations:
+          cpus: 0.25
+          memory: 20M
+        limits:
+          cpus: 0.50
+          memory: 50M
diff --git a/infra/playbooks/variables.tf b/infra/playbooks/variables.tf
diff --git a/infra/terraform.tfstate b/infra/terraform.tfstate
@@ -0,0 +1,9 @@
+{
+  "version": 4,
+  "terraform_version": "1.7.3",
+  "serial": 178,
+  "lineage": "0ed00022-0f3f-d407-af82-f16daaae8de3",
+  "outputs": {},
+  "resources": [],
+  "check_results": null
+}