From dbb6d688c01cac5bb98c94f08ebbec4b755caf5d Mon Sep 17 00:00:00 2001 From: Alex Crease Date: Mon, 26 Feb 2024 00:11:29 +0000 Subject: [PATCH] infra --- infra/modules/cluster/ec2.tf | 2 +- infra/modules/cluster/install-docker.sh | 7 +- infra/modules/cluster/inv_template.tpl | 37 +- infra/modules/cluster/load_balancer.tf | 61 ++ infra/modules/cluster/sec_grp.tf | 26 +- infra/modules/db/postgres.tf | 9 + infra/playbooks/host.yml | 20 + infra/playbooks/requirements.yml | 1 + infra/playbooks/service.yml | 67 +- infra/playbooks/variables.tf | 16 - infra/terraform.tfstate | 9 + infra/terraform.tfstate.backup | 1098 +++++++++++++++++++++++ 12 files changed, 1281 insertions(+), 72 deletions(-) create mode 100644 infra/modules/cluster/load_balancer.tf create mode 100644 infra/modules/db/postgres.tf create mode 100644 infra/playbooks/host.yml delete mode 100644 infra/playbooks/variables.tf create mode 100644 infra/terraform.tfstate create mode 100644 infra/terraform.tfstate.backup diff --git a/infra/modules/cluster/ec2.tf b/infra/modules/cluster/ec2.tf index 0741350..a69eec7 100644 --- a/infra/modules/cluster/ec2.tf +++ b/infra/modules/cluster/ec2.tf @@ -32,7 +32,7 @@ resource "aws_instance" "bootstrap" { } resource "aws_instance" "workers" { - count = 2 + count = 0 ami = data.aws_ami.aws_linux.id instance_type = "t3.micro" diff --git a/infra/modules/cluster/install-docker.sh b/infra/modules/cluster/install-docker.sh index c3f1f38..574ea84 100644 --- a/infra/modules/cluster/install-docker.sh +++ b/infra/modules/cluster/install-docker.sh @@ -1,5 +1,8 @@ #!/usr/bin/env bash sudo yum update -y -sudo yum install -y docker python3 -sudo service docker start +sudo yum install -y docker python3 pip +sudo yum remove -y python-requests aws-cli +sudo service docker start sudo usermod -aG docker ec2-user +pip uninstall awscli +pip install docker diff --git a/infra/modules/cluster/inv_template.tpl b/infra/modules/cluster/inv_template.tpl index 2c61307..212e703 100644 --- a/infra/modules/cluster/inv_template.tpl +++ b/infra/modules/cluster/inv_template.tpl @@ -1,22 +1,19 @@ - -all: - children: - managers: - hosts: +--- +managers: + hosts: %{~ for ec2_name, address in managers ~} - ${ec2_name}: - ansible_host: ${address} - %{ endfor } - vars: - ansible_user: ec2-user - ansible_ssh_private_key_file: ../modules/cluster/node_key - workers: - hosts: - %{~ for ec2_name, address in workers~} - ${ec2_name}: - ansible_host: ${address} + ${ec2_name}: + ansible_host: ${address} %{~ endfor ~} - vars: - ansible_user: ec2-user - ansible_ssh_private_key_file: ../modules/cluster/node_key - + vars: + ansible_user: ec2-user + ansible_ssh_private_key_file: ../modules/cluster/node_key +workers: + hosts: + %{~ for ec2_name, address in workers ~} + ${ec2_name}: + ansible_host: ${address} + %{~ endfor ~} + vars: + ansible_user: ec2-user + ansible_ssh_private_key_file: ../modules/cluster/node_key diff --git a/infra/modules/cluster/load_balancer.tf b/infra/modules/cluster/load_balancer.tf new file mode 100644 index 0000000..2736e3a --- /dev/null +++ b/infra/modules/cluster/load_balancer.tf @@ -0,0 +1,61 @@ +resource "aws_lb" "main" { + name = "cluster-lb" + internal = false + load_balancer_type = "application" + security_groups = [aws_security_group.lb.id] + subnets = toset(var.subnet_ids.public[*]) +} + +resource "aws_lb_listener" "http" { + count = var.environment == "dev" ? 1 : 0 + load_balancer_arn = aws_lb.main.arn + port = 80 + protocol = "HTTP" + + default_action { + type = "forward" + target_group_arn = aws_lb_target_group.public.arn + } +} + +resource "aws_lb_listener" "http_redirect" { + count = var.environment == "dev" ? 0 : 1 + load_balancer_arn = aws_lb.main.arn + port = 80 + protocol = "HTTP" + + default_action { + type = "redirect" + redirect { + port = "443" + protocol = "HTTPS" + status_code = "HTTP_301" + } + } +} + +resource "aws_lb_target_group" "public" { + name = "${var.service}-${var.environment}-public" + port = 80 + protocol = "HTTP" + vpc_id = var.vpc_id + target_type = "ip" + + health_check { + protocol = "HTTP" + path = "/" + matcher = "200-299" + } +} + +resource "aws_lb_target_group_attachment" "all" { + for_each = toset(local.targets) + target_group_arn = aws_lb_target_group.public.arn + target_id = each.key + port = 80 +} + +locals { + targets = flatten([aws_instance.bootstrap[*].id, aws_instance.workers[*].id, aws_instance.managers[*].id]) + +} diff --git a/infra/modules/cluster/sec_grp.tf b/infra/modules/cluster/sec_grp.tf index 90fbc4a..047fd43 100644 --- a/infra/modules/cluster/sec_grp.tf +++ b/infra/modules/cluster/sec_grp.tf @@ -1,6 +1,6 @@ resource "aws_security_group" "node" { name = "cluster-node-security-group" - description = "security group for lambda efs put function" + description = "security group for cluster nodes" vpc_id = var.vpc_id ingress { @@ -21,3 +21,27 @@ resource "aws_security_group" "node" { Name = "${var.service}-${var.environment}-node-grp" } } + +resource "aws_security_group" "lb" { + name = "cluster-lb-security-group" + description = "security group for cluster load balancer" + vpc_id = var.vpc_id + + ingress { + from_port = 0 + to_port = 0 + protocol = "-1" + cidr_blocks = ["0.0.0.0/0"] + } + + egress { + from_port = 0 + to_port = 0 + protocol = "-1" + cidr_blocks = ["0.0.0.0/0"] + } + + tags = { + Name = "${var.service}-${var.environment}-lb-grp" + } +} diff --git a/infra/modules/db/postgres.tf b/infra/modules/db/postgres.tf new file mode 100644 index 0000000..07dd261 --- /dev/null +++ b/infra/modules/db/postgres.tf @@ -0,0 +1,9 @@ + +resource "aws_db_instance" "default" { + allocated_storage = 5 + db_name = "forum" + engine = "postgresql" + instance_class = "db.t3.micro" + username = "backend" + manage_master_user_password = true +} diff --git a/infra/playbooks/host.yml b/infra/playbooks/host.yml new file mode 100644 index 0000000..855ebbf --- /dev/null +++ b/infra/playbooks/host.yml @@ -0,0 +1,20 @@ +--- +- name: Configure Host + hosts: all + become: true + tasks: + - name: install dependencies + yum: + name: "{{ item }}" + update_cache: yes + loop: + - vim + - python3 + - pip + - name: install ansible-docker deps + shell: /usr/bin/pip install docker + - name: start docker service + service: + enabled: true + name: docker + state: started diff --git a/infra/playbooks/requirements.yml b/infra/playbooks/requirements.yml index 35127dc..a6bf94c 100644 --- a/infra/playbooks/requirements.yml +++ b/infra/playbooks/requirements.yml @@ -2,4 +2,5 @@ collections: - name: https://github.com/ansible-collections/cloud.terraform.git type: git version: main + - name: community.docker diff --git a/infra/playbooks/service.yml b/infra/playbooks/service.yml index 8fa4318..9cc419b 100644 --- a/infra/playbooks/service.yml +++ b/infra/playbooks/service.yml @@ -1,34 +1,37 @@ +--- - name: Docker Service hosts: managers[0] - community.docker.docker_swarm_service: - name: nginx - image: nginx - replicas: 1 - resolve_image: true # update based on digest (i.e even if latest) - publish: - mode: host - published_port: 80 - target_port: 80 - healthcheck: - # Check if nginx server is healthy by curl'ing the server. - # If this fails or timeouts, the healthcheck fails. - test: ["CMD", "curl", "--fail", "http://nginx.host.com"] - interval: 1m30s - timeout: 10s - retries: 3 - start_period: 30s - update_config: - parallelism: 2 - delay: 10s - order: stop-first - failure_action: rollback - rollback_config: - parallelism: 2 - delay: 10s - order: stop-first - reservations: - cpus: 0.25 - memory: 20M - limits: - cpus: 0.50 - memory: 50M + tasks: + - name: Docker Swarm Service + community.docker.docker_swarm_service: + name: nginx + image: nginx + replicas: 1 + resolve_image: true # update based on digest (i.e even if latest) + publish: + - mode: host + published_port: 80 + target_port: 80 + healthcheck: + # Check if nginx server is healthy by curl'ing the server. + # If this fails or timeouts, the healthcheck fails. + test: ["CMD", "curl", "--fail", "http://nginx.host.com"] + interval: 1m30s + timeout: 10s + retries: 3 + start_period: 30s + update_config: + parallelism: 2 + delay: 10s + order: stop-first + failure_action: rollback + rollback_config: + parallelism: 2 + delay: 10s + order: stop-first + reservations: + cpus: 0.25 + memory: 20M + limits: + cpus: 0.50 + memory: 50M diff --git a/infra/playbooks/variables.tf b/infra/playbooks/variables.tf deleted file mode 100644 index cb50f1d..0000000 --- a/infra/playbooks/variables.tf +++ /dev/null @@ -1,16 +0,0 @@ -terraform { - - required_providers { - ansible = { - version = "~> 1.1.0" - source = "ansible/ansible" - } - } -} - -variable "hostnames" { - type = object({ - managers = list(string) - workers = list(string) - }) -} diff --git a/infra/terraform.tfstate b/infra/terraform.tfstate new file mode 100644 index 0000000..8285929 --- /dev/null +++ b/infra/terraform.tfstate @@ -0,0 +1,9 @@ +{ + "version": 4, + "terraform_version": "1.7.3", + "serial": 178, + "lineage": "0ed00022-0f3f-d407-af82-f16daaae8de3", + "outputs": {}, + "resources": [], + "check_results": null +} diff --git a/infra/terraform.tfstate.backup b/infra/terraform.tfstate.backup new file mode 100644 index 0000000..d3958c5 --- /dev/null +++ b/infra/terraform.tfstate.backup @@ -0,0 +1,1098 @@ +{ + "version": 4, + "terraform_version": "1.7.3", + "serial": 157, + "lineage": "0ed00022-0f3f-d407-af82-f16daaae8de3", + "outputs": {}, + "resources": [ + { + "module": "module.cluster", + "mode": "data", + "type": "aws_ami", + "name": "aws_linux", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "architecture": "x86_64", + "arn": "arn:aws:ec2:eu-west-1::image/ami-0ef9e689241f0bb6e", + "block_device_mappings": [ + { + "device_name": "/dev/xvda", + "ebs": { + "delete_on_termination": "true", + "encrypted": "false", + "iops": "3000", + "snapshot_id": "snap-086168f003456ce1b", + "throughput": "125", + "volume_size": "8", + "volume_type": "gp3" + }, + "no_device": "", + "virtual_name": "" + } + ], + "boot_mode": "uefi-preferred", + "creation_date": "2024-02-16T21:29:42.000Z", + "deprecation_time": "2024-05-16T21:30:00.000Z", + "description": "Amazon Linux 2023 AMI 2023.3.20240219.0 x86_64 HVM kernel-6.1", + "ena_support": true, + "executable_users": null, + "filter": [ + { + "name": "name", + "values": [ + "al2023-ami-2023.3.20240219.0-kernel-6.1-x86_64" + ] + }, + { + "name": "virtualization-type", + "values": [ + "hvm" + ] + } + ], + "hypervisor": "xen", + "id": "ami-0ef9e689241f0bb6e", + "image_id": "ami-0ef9e689241f0bb6e", + "image_location": "amazon/al2023-ami-2023.3.20240219.0-kernel-6.1-x86_64", + "image_owner_alias": "amazon", + "image_type": "machine", + "imds_support": "v2.0", + "include_deprecated": false, + "kernel_id": "", + "most_recent": false, + "name": "al2023-ami-2023.3.20240219.0-kernel-6.1-x86_64", + "name_regex": null, + "owner_id": "137112412989", + "owners": [ + "137112412989" + ], + "platform": "", + "platform_details": "Linux/UNIX", + "product_codes": [], + "public": true, + "ramdisk_id": "", + "root_device_name": "/dev/xvda", + "root_device_type": "ebs", + "root_snapshot_id": "snap-086168f003456ce1b", + "sriov_net_support": "simple", + "state": "available", + "state_reason": { + "code": "UNSET", + "message": "UNSET" + }, + "tags": {}, + "timeouts": null, + "tpm_support": "", + "usage_operation": "RunInstances", + "virtualization_type": "hvm" + }, + "sensitive_attributes": [] + } + ] + }, + { + "module": "module.cluster", + "mode": "managed", + "type": "aws_instance", + "name": "bootstrap", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 1, + "attributes": { + "ami": "ami-0ef9e689241f0bb6e", + "arn": "arn:aws:ec2:eu-west-1:013948180024:instance/i-0e188e029b1475958", + "associate_public_ip_address": true, + "availability_zone": "eu-west-1a", + "capacity_reservation_specification": [ + { + "capacity_reservation_preference": "open", + "capacity_reservation_target": [] + } + ], + "cpu_core_count": 1, + "cpu_options": [ + { + "amd_sev_snp": "", + "core_count": 1, + "threads_per_core": 2 + } + ], + "cpu_threads_per_core": 2, + "credit_specification": [ + { + "cpu_credits": "unlimited" + } + ], + "disable_api_stop": false, + "disable_api_termination": false, + "ebs_block_device": [], + "ebs_optimized": false, + "enclave_options": [ + { + "enabled": false + } + ], + "ephemeral_block_device": [], + "get_password_data": false, + "hibernation": false, + "host_id": "", + "host_resource_group_arn": null, + "iam_instance_profile": "", + "id": "i-0e188e029b1475958", + "instance_initiated_shutdown_behavior": "stop", + "instance_lifecycle": "", + "instance_market_options": [], + "instance_state": "running", + "instance_type": "t3.micro", + "ipv6_address_count": 0, + "ipv6_addresses": [], + "key_name": "node_key", + "launch_template": [], + "maintenance_options": [ + { + "auto_recovery": "default" + } + ], + "metadata_options": [ + { + "http_endpoint": "enabled", + "http_protocol_ipv6": "disabled", + "http_put_response_hop_limit": 2, + "http_tokens": "required", + "instance_metadata_tags": "disabled" + } + ], + "monitoring": false, + "network_interface": [], + "outpost_arn": "", + "password_data": "", + "placement_group": "", + "placement_partition_number": 0, + "primary_network_interface_id": "eni-09accaa4e738ebdd8", + "private_dns": "ip-10-101-12-154.eu-west-1.compute.internal", + "private_dns_name_options": [ + { + "enable_resource_name_dns_a_record": false, + "enable_resource_name_dns_aaaa_record": false, + "hostname_type": "ip-name" + } + ], + "private_ip": "10.101.12.154", + "public_dns": "ec2-52-214-124-192.eu-west-1.compute.amazonaws.com", + "public_ip": "52.214.124.192", + "root_block_device": [ + { + "delete_on_termination": true, + "device_name": "/dev/xvda", + "encrypted": false, + "iops": 3000, + "kms_key_id": "", + "tags": {}, + "throughput": 125, + "volume_id": "vol-090cd468cdba53483", + "volume_size": 8, + "volume_type": "gp3" + } + ], + "secondary_private_ips": [], + "security_groups": [], + "source_dest_check": true, + "spot_instance_request_id": "", + "subnet_id": "subnet-0050ae89f74a49844", + "tags": { + "Name": "bootstrap" + }, + "tags_all": { + "Name": "bootstrap" + }, + "tenancy": "default", + "timeouts": null, + "user_data": null, + "user_data_base64": null, + "user_data_replace_on_change": false, + "volume_tags": null, + "vpc_security_group_ids": [ + "sg-0a64316179d3757aa" + ] + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6MTIwMDAwMDAwMDAwMCwidXBkYXRlIjo2MDAwMDAwMDAwMDB9LCJzY2hlbWFfdmVyc2lvbiI6IjEifQ==", + "dependencies": [ + "module.cluster.aws_key_pair.node_key", + "module.cluster.aws_security_group.node", + "module.cluster.data.aws_ami.aws_linux", + "module.network.aws_subnet.private", + "module.network.aws_subnet.public", + "module.network.aws_vpc.main", + "module.network.data.aws_availability_zones.available" + ] + } + ] + }, + { + "module": "module.cluster", + "mode": "managed", + "type": "aws_key_pair", + "name": "node_key", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 1, + "attributes": { + "arn": "arn:aws:ec2:eu-west-1:013948180024:key-pair/node_key", + "fingerprint": "cb:49:3a:93:7a:66:93:34:58:15:3c:a3:f7:9c:ac:e7", + "id": "node_key", + "key_name": "node_key", + "key_name_prefix": "", + "key_pair_id": "key-0f38c7cafa71d4bc1", + "key_type": "rsa", + "public_key": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC5iXUvGrvJYDe3my/opvaA5RJ5HOtvnvNxpwjGJNdqi9Jp816cMgVnQ3lvPnc+BnkOVlOVvgUGxnj2xUzT2JgDa1IjTB1I79oMSd9Osm21whZRq6Co9camRVorYl6EaTCjZ4/zmCy2jkQAe5es0f7CQ7hOnAUU4yI3B0RmGOk/bEoGLftk3d8wRjzporQTV2L6TKqT4lTyysbS+Jp0Cvhc5fYF50AoyOW8Q8VbRcn1Drf/LJTQDu3EEJhKteQFdBJOqDoPZeaTZG9v34R8M72JJeGO/RexFhbsP6ERNltBUndFPeyiuk8UQJVpieotWUL1UtRXm+KzTpMALbHyUYIfBPjynIfvoYjGf1/4wVaJfz767Q5iIZ1Euioc3fJyvO5ho8qpNlZVexH9CofMNfX09h719H3LjVpZ2hpSMLaGxFC3bHqh2IgDmGf6AmLH8kjKP2UaH63xrJ32GdsAabxjFaCmIiauMnHIK+Rqhz1104oJPWuEUUuJawSDlWkvWCE= acrease@avernus", + "tags": {}, + "tags_all": {} + }, + "sensitive_attributes": [], + "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==" + } + ] + }, + { + "module": "module.cluster", + "mode": "managed", + "type": "aws_lb_target_group", + "name": "public", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "arn": "arn:aws:elasticloadbalancing:eu-west-1:013948180024:targetgroup/forum-dev-public/4abcaf81e0eb8305", + "arn_suffix": "targetgroup/forum-dev-public/4abcaf81e0eb8305", + "connection_termination": false, + "deregistration_delay": "300", + "health_check": [ + { + "enabled": true, + "healthy_threshold": 3, + "interval": 30, + "matcher": "200-299", + "path": "/", + "port": "traffic-port", + "protocol": "HTTP", + "timeout": 5, + "unhealthy_threshold": 3 + } + ], + "id": "arn:aws:elasticloadbalancing:eu-west-1:013948180024:targetgroup/forum-dev-public/4abcaf81e0eb8305", + "ip_address_type": "ipv4", + "lambda_multi_value_headers_enabled": false, + "load_balancing_algorithm_type": "round_robin", + "load_balancing_cross_zone_enabled": "use_load_balancer_configuration", + "name": "forum-dev-public", + "name_prefix": null, + "port": 80, + "preserve_client_ip": null, + "protocol": "HTTP", + "protocol_version": "HTTP1", + "proxy_protocol_v2": false, + "slow_start": 0, + "stickiness": [ + { + "cookie_duration": 86400, + "cookie_name": "", + "enabled": false, + "type": "lb_cookie" + } + ], + "tags": null, + "tags_all": {}, + "target_failover": [ + { + "on_deregistration": null, + "on_unhealthy": null + } + ], + "target_type": "ip", + "vpc_id": "vpc-0f3912ddcf5d4175b" + }, + "sensitive_attributes": [], + "private": "bnVsbA==", + "dependencies": [ + "module.network.aws_vpc.main" + ] + } + ] + }, + { + "module": "module.cluster", + "mode": "managed", + "type": "aws_security_group", + "name": "lb", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 1, + "attributes": { + "arn": "arn:aws:ec2:eu-west-1:013948180024:security-group/sg-0ff1d9978aa44f433", + "description": "security group for cluster load balancer", + "egress": [ + { + "cidr_blocks": [ + "0.0.0.0/0" + ], + "description": "", + "from_port": 0, + "ipv6_cidr_blocks": [], + "prefix_list_ids": [], + "protocol": "-1", + "security_groups": [], + "self": false, + "to_port": 0 + } + ], + "id": "sg-0ff1d9978aa44f433", + "ingress": [ + { + "cidr_blocks": [ + "0.0.0.0/0" + ], + "description": "", + "from_port": 0, + "ipv6_cidr_blocks": [], + "prefix_list_ids": [], + "protocol": "-1", + "security_groups": [], + "self": false, + "to_port": 0 + } + ], + "name": "cluster-lb-security-group", + "name_prefix": "", + "owner_id": "013948180024", + "revoke_rules_on_delete": false, + "tags": { + "Name": "forum-dev-lb-grp" + }, + "tags_all": { + "Name": "forum-dev-lb-grp" + }, + "timeouts": null, + "vpc_id": "vpc-0f3912ddcf5d4175b" + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6OTAwMDAwMDAwMDAwfSwic2NoZW1hX3ZlcnNpb24iOiIxIn0=", + "dependencies": [ + "module.network.aws_vpc.main" + ] + } + ] + }, + { + "module": "module.cluster", + "mode": "managed", + "type": "aws_security_group", + "name": "node", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 1, + "attributes": { + "arn": "arn:aws:ec2:eu-west-1:013948180024:security-group/sg-0a64316179d3757aa", + "description": "security group for lambda efs put function", + "egress": [ + { + "cidr_blocks": [ + "0.0.0.0/0" + ], + "description": "", + "from_port": 0, + "ipv6_cidr_blocks": [], + "prefix_list_ids": [], + "protocol": "-1", + "security_groups": [], + "self": false, + "to_port": 0 + } + ], + "id": "sg-0a64316179d3757aa", + "ingress": [ + { + "cidr_blocks": [ + "0.0.0.0/0" + ], + "description": "", + "from_port": 0, + "ipv6_cidr_blocks": [], + "prefix_list_ids": [], + "protocol": "-1", + "security_groups": [], + "self": false, + "to_port": 0 + } + ], + "name": "cluster-node-security-group", + "name_prefix": "", + "owner_id": "013948180024", + "revoke_rules_on_delete": false, + "tags": { + "Name": "forum-dev-node-grp" + }, + "tags_all": { + "Name": "forum-dev-node-grp" + }, + "timeouts": null, + "vpc_id": "vpc-0f3912ddcf5d4175b" + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6OTAwMDAwMDAwMDAwfSwic2NoZW1hX3ZlcnNpb24iOiIxIn0=", + "dependencies": [ + "module.network.aws_vpc.main" + ] + } + ] + }, + { + "module": "module.cluster", + "mode": "managed", + "type": "local_file", + "name": "inventory", + "provider": "provider[\"registry.terraform.io/hashicorp/local\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "content": "---\nmanagers:\n hosts:\n bootstrap:\n ansible_host: ec2-52-214-124-192.eu-west-1.compute.amazonaws.com\n vars:\n ansible_user: ec2-user\n ansible_ssh_private_key_file: ../modules/cluster/node_key\nworkers:\n hosts:\n vars:\n ansible_user: ec2-user\n ansible_ssh_private_key_file: ../modules/cluster/node_key\n", + "content_base64": null, + "content_base64sha256": "rT4SvTEXO8h+Iig798V745iyBndjXmUUW/JQ4a+/AlI=", + "content_base64sha512": "xQ9PZcau8Sb+lBU+UhroEJdIVH5rKXZVG6Cu2kfRxUq2kdK3MF0CtbvrHh0SkGnz0Y9NOMC7jjYZsSS2Y7Q6Nw==", + "content_md5": "7a470c1afab73bc4fae0c0b753ef0f40", + "content_sha1": "23128624417479174a46a8d98b2037854827dd0b", + "content_sha256": "ad3e12bd31173bc87e22283bf7c57be398b20677635e65145bf250e1afbf0252", + "content_sha512": "c50f4f65c6aef126fe94153e521ae8109748547e6b2976551ba0aeda47d1c54ab691d2b7305d02b5bbeb1e1d129069f3d18f4d38c0bb8e3619b124b663b43a37", + "directory_permission": "0777", + "file_permission": "0777", + "filename": "playbooks/inventory.yml", + "id": "23128624417479174a46a8d98b2037854827dd0b", + "sensitive_content": null, + "source": null + }, + "sensitive_attributes": [], + "dependencies": [ + "module.cluster.aws_instance.bootstrap", + "module.cluster.aws_instance.workers", + "module.cluster.aws_key_pair.node_key", + "module.cluster.aws_security_group.node", + "module.cluster.data.aws_ami.aws_linux", + "module.cluster.data.external.swarm_join_token", + "module.network.aws_subnet.private", + "module.network.aws_subnet.public", + "module.network.aws_vpc.main", + "module.network.data.aws_availability_zones.available" + ] + } + ] + }, + { + "module": "module.network", + "mode": "data", + "type": "aws_availability_zones", + "name": "available", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "all_availability_zones": null, + "exclude_names": null, + "exclude_zone_ids": null, + "filter": null, + "group_names": [ + "eu-west-1" + ], + "id": "eu-west-1", + "names": [ + "eu-west-1a", + "eu-west-1b", + "eu-west-1c" + ], + "state": null, + "timeouts": null, + "zone_ids": [ + "euw1-az2", + "euw1-az3", + "euw1-az1" + ] + }, + "sensitive_attributes": [] + } + ] + }, + { + "module": "module.network", + "mode": "managed", + "type": "aws_eip", + "name": "nat_gw_eip", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "address": null, + "allocation_id": "eipalloc-0e510b841d3303875", + "associate_with_private_ip": null, + "association_id": "eipassoc-07fe5e1ac3f24162e", + "carrier_ip": "", + "customer_owned_ip": "", + "customer_owned_ipv4_pool": "", + "domain": "vpc", + "id": "eipalloc-0e510b841d3303875", + "instance": "", + "network_border_group": "eu-west-1", + "network_interface": "eni-00d8d1c7fb6cba947", + "private_dns": "ip-10-101-8-223.eu-west-1.compute.internal", + "private_ip": "10.101.8.223", + "public_dns": "ec2-52-215-132-27.eu-west-1.compute.amazonaws.com", + "public_ip": "52.215.132.27", + "public_ipv4_pool": "amazon", + "tags": { + "Name": "forum-dev-eip" + }, + "tags_all": { + "Name": "forum-dev-eip" + }, + "timeouts": null, + "vpc": true + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiZGVsZXRlIjoxODAwMDAwMDAwMDAsInJlYWQiOjkwMDAwMDAwMDAwMCwidXBkYXRlIjozMDAwMDAwMDAwMDB9fQ==" + } + ] + }, + { + "module": "module.network", + "mode": "managed", + "type": "aws_internet_gateway", + "name": "igw", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "arn": "arn:aws:ec2:eu-west-1:013948180024:internet-gateway/igw-06324ddd4ba3a278b", + "id": "igw-06324ddd4ba3a278b", + "owner_id": "013948180024", + "tags": { + "Name": "forum-dev-igw" + }, + "tags_all": { + "Name": "forum-dev-igw" + }, + "timeouts": null, + "vpc_id": "vpc-0f3912ddcf5d4175b" + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxMjAwMDAwMDAwMDAwLCJkZWxldGUiOjEyMDAwMDAwMDAwMDAsInVwZGF0ZSI6MTIwMDAwMDAwMDAwMH19", + "dependencies": [ + "module.network.aws_vpc.main" + ] + } + ] + }, + { + "module": "module.network", + "mode": "managed", + "type": "aws_nat_gateway", + "name": "nat_gw", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "allocation_id": "eipalloc-0e510b841d3303875", + "association_id": "eipassoc-07fe5e1ac3f24162e", + "connectivity_type": "public", + "id": "nat-0c73ff79148f772f9", + "network_interface_id": "eni-00d8d1c7fb6cba947", + "private_ip": "10.101.8.223", + "public_ip": "52.215.132.27", + "secondary_allocation_ids": [], + "secondary_private_ip_address_count": 0, + "secondary_private_ip_addresses": [], + "subnet_id": "subnet-0050ae89f74a49844", + "tags": {}, + "tags_all": {}, + "timeouts": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6MTgwMDAwMDAwMDAwMCwidXBkYXRlIjo2MDAwMDAwMDAwMDB9fQ==", + "dependencies": [ + "module.network.aws_eip.nat_gw_eip", + "module.network.aws_subnet.public", + "module.network.aws_vpc.main", + "module.network.data.aws_availability_zones.available" + ] + } + ] + }, + { + "module": "module.network", + "mode": "managed", + "type": "aws_network_acl", + "name": "private", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "arn": "arn:aws:ec2:eu-west-1:013948180024:network-acl/acl-0bea89dda6f0efbfe", + "egress": [ + { + "action": "allow", + "cidr_block": "0.0.0.0/0", + "from_port": 0, + "icmp_code": 0, + "icmp_type": 0, + "ipv6_cidr_block": "", + "protocol": "6", + "rule_no": 150, + "to_port": 65535 + } + ], + "id": "acl-0bea89dda6f0efbfe", + "ingress": [ + { + "action": "allow", + "cidr_block": "10.101.0.0/16", + "from_port": 1024, + "icmp_code": 0, + "icmp_type": 0, + "ipv6_cidr_block": "", + "protocol": "6", + "rule_no": 150, + "to_port": 65535 + }, + { + "action": "allow", + "cidr_block": "10.101.0.0/16", + "from_port": 443, + "icmp_code": 0, + "icmp_type": 0, + "ipv6_cidr_block": "", + "protocol": "6", + "rule_no": 101, + "to_port": 443 + }, + { + "action": "allow", + "cidr_block": "10.101.0.0/16", + "from_port": 80, + "icmp_code": 0, + "icmp_type": 0, + "ipv6_cidr_block": "", + "protocol": "6", + "rule_no": 100, + "to_port": 80 + } + ], + "owner_id": "013948180024", + "subnet_ids": [ + "subnet-093ebe793ea34265b" + ], + "tags": {}, + "tags_all": {}, + "vpc_id": "vpc-0f3912ddcf5d4175b" + }, + "sensitive_attributes": [], + "private": "bnVsbA==", + "dependencies": [ + "module.network.aws_subnet.private", + "module.network.aws_vpc.main", + "module.network.data.aws_availability_zones.available" + ] + } + ] + }, + { + "module": "module.network", + "mode": "managed", + "type": "aws_network_acl", + "name": "public", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "arn": "arn:aws:ec2:eu-west-1:013948180024:network-acl/acl-008fa5221cb3a19b2", + "egress": [ + { + "action": "allow", + "cidr_block": "0.0.0.0/0", + "from_port": 0, + "icmp_code": 0, + "icmp_type": 0, + "ipv6_cidr_block": "", + "protocol": "6", + "rule_no": 150, + "to_port": 65535 + } + ], + "id": "acl-008fa5221cb3a19b2", + "ingress": [ + { + "action": "allow", + "cidr_block": "0.0.0.0/0", + "from_port": 0, + "icmp_code": 0, + "icmp_type": 0, + "ipv6_cidr_block": "", + "protocol": "6", + "rule_no": 100, + "to_port": 1023 + }, + { + "action": "allow", + "cidr_block": "0.0.0.0/0", + "from_port": 0, + "icmp_code": 0, + "icmp_type": 0, + "ipv6_cidr_block": "", + "protocol": "6", + "rule_no": 101, + "to_port": 1023 + }, + { + "action": "allow", + "cidr_block": "0.0.0.0/0", + "from_port": 1024, + "icmp_code": 0, + "icmp_type": 0, + "ipv6_cidr_block": "", + "protocol": "6", + "rule_no": 150, + "to_port": 65535 + } + ], + "owner_id": "013948180024", + "subnet_ids": [ + "subnet-0050ae89f74a49844" + ], + "tags": {}, + "tags_all": {}, + "vpc_id": "vpc-0f3912ddcf5d4175b" + }, + "sensitive_attributes": [], + "private": "bnVsbA==", + "dependencies": [ + "module.network.aws_subnet.public", + "module.network.aws_vpc.main", + "module.network.data.aws_availability_zones.available" + ] + } + ] + }, + { + "module": "module.network", + "mode": "managed", + "type": "aws_route_table", + "name": "private", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "arn": "arn:aws:ec2:eu-west-1:013948180024:route-table/rtb-0a3aa3012ba10c062", + "id": "rtb-0a3aa3012ba10c062", + "owner_id": "013948180024", + "propagating_vgws": [], + "route": [ + { + "carrier_gateway_id": "", + "cidr_block": "0.0.0.0/0", + "core_network_arn": "", + "destination_prefix_list_id": "", + "egress_only_gateway_id": "", + "gateway_id": "", + "ipv6_cidr_block": "", + "local_gateway_id": "", + "nat_gateway_id": "nat-0c73ff79148f772f9", + "network_interface_id": "", + "transit_gateway_id": "", + "vpc_endpoint_id": "", + "vpc_peering_connection_id": "" + } + ], + "tags": { + "Name": "forum-dev-priv-rt" + }, + "tags_all": { + "Name": "forum-dev-priv-rt" + }, + "timeouts": null, + "vpc_id": "vpc-0f3912ddcf5d4175b" + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjozMDAwMDAwMDAwMDAsImRlbGV0ZSI6MzAwMDAwMDAwMDAwLCJ1cGRhdGUiOjEyMDAwMDAwMDAwMH19", + "dependencies": [ + "module.network.aws_eip.nat_gw_eip", + "module.network.aws_nat_gateway.nat_gw", + "module.network.aws_subnet.public", + "module.network.aws_vpc.main", + "module.network.data.aws_availability_zones.available" + ] + } + ] + }, + { + "module": "module.network", + "mode": "managed", + "type": "aws_route_table", + "name": "public", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "arn": "arn:aws:ec2:eu-west-1:013948180024:route-table/rtb-02694db82d5bcf535", + "id": "rtb-02694db82d5bcf535", + "owner_id": "013948180024", + "propagating_vgws": [], + "route": [ + { + "carrier_gateway_id": "", + "cidr_block": "0.0.0.0/0", + "core_network_arn": "", + "destination_prefix_list_id": "", + "egress_only_gateway_id": "", + "gateway_id": "igw-06324ddd4ba3a278b", + "ipv6_cidr_block": "", + "local_gateway_id": "", + "nat_gateway_id": "", + "network_interface_id": "", + "transit_gateway_id": "", + "vpc_endpoint_id": "", + "vpc_peering_connection_id": "" + } + ], + "tags": { + "Name": "forum-dev-pub-rt" + }, + "tags_all": { + "Name": "forum-dev-pub-rt" + }, + "timeouts": null, + "vpc_id": "vpc-0f3912ddcf5d4175b" + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjozMDAwMDAwMDAwMDAsImRlbGV0ZSI6MzAwMDAwMDAwMDAwLCJ1cGRhdGUiOjEyMDAwMDAwMDAwMH19", + "dependencies": [ + "module.network.aws_internet_gateway.igw", + "module.network.aws_vpc.main" + ] + } + ] + }, + { + "module": "module.network", + "mode": "managed", + "type": "aws_route_table_association", + "name": "priv_link", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "index_key": 0, + "schema_version": 0, + "attributes": { + "gateway_id": "", + "id": "rtbassoc-07151d3125ff021e3", + "route_table_id": "rtb-0a3aa3012ba10c062", + "subnet_id": "subnet-093ebe793ea34265b", + "timeouts": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjozMDAwMDAwMDAwMDAsImRlbGV0ZSI6MzAwMDAwMDAwMDAwLCJ1cGRhdGUiOjEyMDAwMDAwMDAwMH19", + "dependencies": [ + "module.network.aws_eip.nat_gw_eip", + "module.network.aws_nat_gateway.nat_gw", + "module.network.aws_route_table.private", + "module.network.aws_subnet.private", + "module.network.aws_subnet.public", + "module.network.aws_vpc.main", + "module.network.data.aws_availability_zones.available" + ] + } + ] + }, + { + "module": "module.network", + "mode": "managed", + "type": "aws_route_table_association", + "name": "pub_link", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "index_key": 0, + "schema_version": 0, + "attributes": { + "gateway_id": "", + "id": "rtbassoc-06f4d50989a43a1f8", + "route_table_id": "rtb-02694db82d5bcf535", + "subnet_id": "subnet-0050ae89f74a49844", + "timeouts": null + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjozMDAwMDAwMDAwMDAsImRlbGV0ZSI6MzAwMDAwMDAwMDAwLCJ1cGRhdGUiOjEyMDAwMDAwMDAwMH19", + "dependencies": [ + "module.network.aws_internet_gateway.igw", + "module.network.aws_route_table.public", + "module.network.aws_subnet.public", + "module.network.aws_vpc.main", + "module.network.data.aws_availability_zones.available" + ] + } + ] + }, + { + "module": "module.network", + "mode": "managed", + "type": "aws_subnet", + "name": "private", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "index_key": 0, + "schema_version": 1, + "attributes": { + "arn": "arn:aws:ec2:eu-west-1:013948180024:subnet/subnet-093ebe793ea34265b", + "assign_ipv6_address_on_creation": false, + "availability_zone": "eu-west-1a", + "availability_zone_id": "euw1-az2", + "cidr_block": "10.101.128.0/20", + "customer_owned_ipv4_pool": "", + "enable_dns64": false, + "enable_lni_at_device_index": 0, + "enable_resource_name_dns_a_record_on_launch": false, + "enable_resource_name_dns_aaaa_record_on_launch": false, + "id": "subnet-093ebe793ea34265b", + "ipv6_cidr_block": "", + "ipv6_cidr_block_association_id": "", + "ipv6_native": false, + "map_customer_owned_ip_on_launch": false, + "map_public_ip_on_launch": false, + "outpost_arn": "", + "owner_id": "013948180024", + "private_dns_hostname_type_on_launch": "ip-name", + "tags": { + "Name": "forum-dev-priv-sn-0" + }, + "tags_all": { + "Name": "forum-dev-priv-sn-0" + }, + "timeouts": null, + "vpc_id": "vpc-0f3912ddcf5d4175b" + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6MTIwMDAwMDAwMDAwMH0sInNjaGVtYV92ZXJzaW9uIjoiMSJ9", + "dependencies": [ + "module.network.aws_vpc.main", + "module.network.data.aws_availability_zones.available" + ] + } + ] + }, + { + "module": "module.network", + "mode": "managed", + "type": "aws_subnet", + "name": "public", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "index_key": 0, + "schema_version": 1, + "attributes": { + "arn": "arn:aws:ec2:eu-west-1:013948180024:subnet/subnet-0050ae89f74a49844", + "assign_ipv6_address_on_creation": false, + "availability_zone": "eu-west-1a", + "availability_zone_id": "euw1-az2", + "cidr_block": "10.101.0.0/20", + "customer_owned_ipv4_pool": "", + "enable_dns64": false, + "enable_lni_at_device_index": 0, + "enable_resource_name_dns_a_record_on_launch": false, + "enable_resource_name_dns_aaaa_record_on_launch": false, + "id": "subnet-0050ae89f74a49844", + "ipv6_cidr_block": "", + "ipv6_cidr_block_association_id": "", + "ipv6_native": false, + "map_customer_owned_ip_on_launch": false, + "map_public_ip_on_launch": true, + "outpost_arn": "", + "owner_id": "013948180024", + "private_dns_hostname_type_on_launch": "ip-name", + "tags": { + "Name": "forum-dev-pub-sn-0" + }, + "tags_all": { + "Name": "forum-dev-pub-sn-0" + }, + "timeouts": null, + "vpc_id": "vpc-0f3912ddcf5d4175b" + }, + "sensitive_attributes": [], + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6MTIwMDAwMDAwMDAwMH0sInNjaGVtYV92ZXJzaW9uIjoiMSJ9", + "dependencies": [ + "module.network.aws_vpc.main", + "module.network.data.aws_availability_zones.available" + ] + } + ] + }, + { + "module": "module.network", + "mode": "managed", + "type": "aws_vpc", + "name": "main", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 1, + "attributes": { + "arn": "arn:aws:ec2:eu-west-1:013948180024:vpc/vpc-0f3912ddcf5d4175b", + "assign_generated_ipv6_cidr_block": false, + "cidr_block": "10.101.0.0/16", + "default_network_acl_id": "acl-0d29191ac193cec60", + "default_route_table_id": "rtb-08e404912ba0c9429", + "default_security_group_id": "sg-016ac6a73e90aacdd", + "dhcp_options_id": "dopt-0d1fb529c92f4b8ca", + "enable_dns_hostnames": true, + "enable_dns_support": true, + "enable_network_address_usage_metrics": false, + "id": "vpc-0f3912ddcf5d4175b", + "instance_tenancy": "default", + "ipv4_ipam_pool_id": null, + "ipv4_netmask_length": null, + "ipv6_association_id": "", + "ipv6_cidr_block": "", + "ipv6_cidr_block_network_border_group": "", + "ipv6_ipam_pool_id": "", + "ipv6_netmask_length": 0, + "main_route_table_id": "rtb-08e404912ba0c9429", + "owner_id": "013948180024", + "tags": { + "Name": "forum-dev-vpc" + }, + "tags_all": { + "Name": "forum-dev-vpc" + } + }, + "sensitive_attributes": [], + "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==" + } + ] + } + ], + "check_results": null +}