From 1dee0e691e1f6205d0c148f49411d68d000455a0 Mon Sep 17 00:00:00 2001 From: Luc Didry Date: May 13 2022 13:06:28 +0000 Subject: Merge branch 'ansible-provisioning' into 'development' Adhere to ansible styling guide See merge request fiat-tux/hat-softwares/lufi!99 --- diff --git a/.provision/README.md b/.provision/README.md index ec3712f..5055111 100644 --- a/.provision/README.md +++ b/.provision/README.md @@ -4,4 +4,4 @@ An ansible role deploy the application on host machine(Ubuntu 20.04) ## terraform-aws-lufi -A terraform plan creates necessary AWS infrastructure and deploy the lufi. This terraform plan uses the above ansible roles `ansible-role-lufi` to configure the application on AWS. +A terraform plan creates necessary AWS infrastructure and deploy the lufi. This terraform plan uses the `lufi_startup.sh` script to deploy application on AWS and also uses above ansible roles `ansible-role-lufi` to configure the application on AWS. \ No newline at end of file diff --git a/.provision/ansible-role-lufi/README.md b/.provision/ansible-role-lufi/README.md index ee540e0..e943dda 100644 --- a/.provision/ansible-role-lufi/README.md +++ b/.provision/ansible-role-lufi/README.md 
@@ -9,10 +9,10 @@ Role Variables | `app_dir` | /var/www/lufi | Set the application directory for the best practice | | `lufi_owner` | www-data | Set the application user for the best practice | | `lufi_group` | www-data | Set the application group for the best practice | -| `contact` | contact.example.com | Contact option (mandatory), where you have to put some way for the users to contact you. | -| `report` | report@example.com | report option (mandatory) Put an email address or an URL to let people report illegal files | -| `project_version` | master | We can chose the project version either Master branch, Dev branch or tag based | -| `servername` | IP address (or) CNAME/FQDN | Mention the Server Name for the Nginx configurations | +| `_contact` | contact.example.com | Contact option (mandatory), where you have to put some way for the users to contact you. | +| `_report` | report@example.com | report option (mandatory) Put an email address or an URL to let people report illegal files | +| `_project_version` | master | We can chose the project version either Master branch, Dev branch or tag based | +| `_server_name` | IP address (or) CNAME/FQDN | Mention the Server Name for the Nginx configurations | Sample example of use in a playbook -------------- diff --git a/.provision/ansible-role-lufi/tasks/apprun.yml b/.provision/ansible-role-lufi/tasks/apprun.yml index 6038d0e..4728886 100644 --- a/.provision/ansible-role-lufi/tasks/apprun.yml +++ b/.provision/ansible-role-lufi/tasks/apprun.yml @@ -6,7 +6,7 @@ chdir: "{{ app_dir }}" - name: Upload application file - template: + ansible.builtin.template: src: ../templates/lufi.conf.j2 dest: "{{ app_dir }}/lufi.conf" @@ -16,7 +16,7 @@ chdir: "{{ app_dir }}" - name: Nginx configuration file add - template: + ansible.builtin.template: src: ../templates/app.conf dest: /etc/nginx/conf.d/ mode: '0644' 
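Review bot: The `ansible.builtin.template` task for `lufi.conf` in the first apprun.yml hunk shows no `owner`, `group` or `mode`, whereas the nginx task in the second hunk does set `mode: '0644'`; if nothing sets them further down the task (the rest of it is outside the hunk), `lufi.conf` is written with the connecting user's ownership and default umask even though, per the `lufi.conf.j2` hunk in this same commit, the file carries the cookie-encryption strings. Add `owner: "{{ lufi_owner }}"`, `group: "{{ lufi_group }}"` and `mode: '0640'` to that task so the config is readable only by the application user. The `ansible.builtin.` prefixes themselves are the right fully-qualified form and match the rest of the change.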
diff --git a/.provision/ansible-role-lufi/tasks/dependencies.yml b/.provision/ansible-role-lufi/tasks/dependencies.yml index 04272af..cc4ca9c 100644 --- a/.provision/ansible-role-lufi/tasks/dependencies.yml +++ b/.provision/ansible-role-lufi/tasks/dependencies.yml @@ -1,5 +1,7 @@ +#dependencies.yml +--- - name: Install Dependencies - apt: + ansible.builtin.apt: name: - nginx - build-essential @@ -12,6 +14,6 @@ state: present - name: Install Postgress Dev Packages - apt: + ansible.builtin.apt: name: - libpq-dev \ No newline at end of file diff --git a/.provision/ansible-role-lufi/templates/lufi.conf.j2 b/.provision/ansible-role-lufi/templates/lufi.conf.j2 index 45dfbe8..9b9ee5f 100644 --- a/.provision/ansible-role-lufi/templates/lufi.conf.j2 +++ b/.provision/ansible-role-lufi/templates/lufi.conf.j2 @@ -21,12 +21,12 @@ # Put a way to contact you here and uncomment it # You can put some HTML in it # MANDATORY - contact => 'Contact page', + contact => 'Contact page', # Put an URL or an email address to receive file reports and uncomment it # It's for make reporting illegal files easy for users # MANDATORY - report => '{{ report }}', + report => '{{ _report }}', # Array of random strings used to encrypt cookies # optional, default is ['fdjsofjoihrei'], PLEASE, CHANGE IT diff --git a/.provision/ansible-role-lufi/vars/main.yml b/.provision/ansible-role-lufi/vars/main.yml index dff6c35..04df23c 100644 --- a/.provision/ansible-role-lufi/vars/main.yml +++ b/.provision/ansible-role-lufi/vars/main.yml @@ -5,12 +5,12 @@ lufi_owner: "www-data" lufi_group: "www-data" -contact: "contact.example.com" +app_dir: "" -report: "report@example.com" +_contact: "contact.example.com" -app_dir: "" +_report: "report@example.com" -project_version: "" +_project_version: "" -servername: "" +_servername: "" diff --git a/.provision/terraform-aws-lufi/README.md b/.provision/terraform-aws-lufi/README.md index e3b9d26..c5a5161 100644 --- a/.provision/terraform-aws-lufi/README.md 
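Review bot: `contact => 'Contact page',` stays hard-coded even though this commit renames the role variable to `_contact`, sets it in `vars/main.yml` and documents it as mandatory in the README, so the value an operator provides is never rendered; the line should read `contact => '{{ _contact }}',`. The `-`/`+` pair for that line shows no visible difference (presumably whitespace only), so it is worth checking that the change is intended. Both `{{ _contact }}` and `{{ _report }}` are rendered unescaped inside what appears to be a Perl single-quoted string, so a `'` in either value truncates the string and whatever follows is parsed as code; either escape it (`report => '{{ _report | replace("'", "\\'") }}',`) or reject such values with an `ansible.builtin.assert` before templating.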
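Review bot: The variable is renamed `_servername` here, but the README hunk in this commit documents it as `_server_name`, so one of the two is wrong and a template written against the README name will hit an undefined variable. Beyond the rename, these values live in `vars/main.yml`, which in Ansible's precedence order sits above inventory, host and play vars; empty strings such as `app_dir: ""` and `_servername: ""` can therefore only be overridden by role parameters or `-e`, which is surprising for values the README presents as user-settable. Moving the user-facing ones to `defaults/main.yml` and keeping `vars/main.yml` for fixed internals is the conventional fix and does not affect the rename.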
+++ b/.provision/terraform-aws-lufi/README.md 
@@ -16,3 +16,71 @@ | `aws_access_key` | AWSACCESSKEY | Enter your aws access key | | `aws_secrete_key` | AWSSECRETEKEY | Enter your aws secrete key | | `instance_name` | Lufi_app_instance | Set the name for instance | +| `app_dir` | /var/www/ | Set the application directory for the best practice | +| `lufi_owner` | www-data | Set the application user for the best practice | +| `lufi_group` | www-data | Set the application group for the best practice | +| `contact` | contact.example.com | Contact option (mandatory), where you have to put some way for the users to contact you. | +| `report` | report@example.com | report option (mandatory) Put an email address or an URL to let people report illegal files | + + +## Usage of terraform plan with lufi deploy script + +```sh +git clone https://framagit.org/fiat-tux/hat-softwares/lufi.git + +cd lufi/.provision/terraform-aws-lufi + +terraform init +terraform plan +terraform apply +``` +## Usage of terraform plan with ansible role + +- Comment out the below `data template` and `user_data` source in __main.tf__ file + +```hcl +locals { + user_data_vars = { + user = var.lufi_owner + group = var.lufi_group + directory = var.app_dir + git_branch = var.project_version + contact_lufi = var.contact + report_lufi = var.report + } +} +``` + +```hcl +user_data = templatefile("${path.module}/lufi_startup.sh", local.user_data_vars) +``` + +- Add the below provisioner data in __main.tf__ file at the `aws_instance` resource + +```sh + connection { + agent = false + type = "ssh" + host = aws_instance.ec2_instance.public_dns + private_key = "${file(var.private_key)}" + user = "${var.user}" + } + + provisioner "remote-exec" { + inline = [ + "sudo apt update -y", + "sudo apt install python3.9 -y", + ] + } + + provisioner "local-exec" { + command = < hosts && \ + echo "[Lufi]" | tee -a hosts && \ + echo "${aws_instance.ec2_instance.public_ip} ansible_user=${var.user} ansible_ssh_private_key_file=${var.private_key}" | tee -a hosts && \ + export 
ANSIBLE_HOST_KEY_CHECKING=False && \ + ansible-playbook -u ${var.user} --private-key ${var.private_key} -i hosts site.yml + EOT + } +``` \ No newline at end of file diff --git a/.provision/terraform-aws-lufi/lufi_startup.sh b/.provision/terraform-aws-lufi/lufi_startup.sh new file mode 100644 index 0000000..3c89c0c --- /dev/null +++ b/.provision/terraform-aws-lufi/lufi_startup.sh 
@@ -0,0 +1,59 @@ +#!/usr/bin/env bash +set -euo pipefail + +echo "**********************************************************************" +echo " *" +echo "Install dependencies *" +echo " *" +echo "**********************************************************************" + +SUDO=sudo +$SUDO apt update +$SUDO apt install jq wget unzip carton build-essential nginx libssl-dev libio-socket-ssl-perl liblwp-protocol-https-perl zlib1g-dev libmojo-sqlite-perl libpq-dev -y + +echo "**********************************************************************" +echo " *" +echo "Configuring the Application *" +echo " *" +echo "**********************************************************************" + +sleep 10; +version=$(curl -s https://framagit.org/api/v4/projects/1998/releases | jq '.[]' | jq -r '.name' | head -1) +echo $version +pushd ${directory} +$SUDO wget https://framagit.org/fiat-tux/hat-softwares/lufi/-/archive/$version/lufi-$version.zip +$SUDO unzip lufi-$version.zip +$SUDO chown ${user} lufi-$version +$SUDO chgrp ${group} lufi-$version +pushd lufi-$version + +echo "**********************************************************************" +echo " *" +echo "Install Carton Packages *" +echo " *" +echo "**********************************************************************" + +$SUDO carton install --deployment --without=test --without=sqlite --without=mysql + +sleep 10; + +$SUDO cp lufi.conf.template lufi.conf + +sed -i 's/127.0.0.1/0.0.0.0/' lufi.conf +sed -i 's/#contact/contact/g' lufi.conf +sed -i "s/contact.example.com/${contact_lufi}/g" lufi.conf +sed -i 's/#report/report/' -i lufi.conf +sed -i "s/report@example.com/${report_lufi}/g" lufi.conf +sed -i "192 , 194 s/#/ /g" lufi.conf && \ +sed -i "195 s/# / /g" lufi.conf && \ +sed -i "196 , 198 s/#/ /g" lufi.conf && \ +sed -i "199 , 201 s/# / /g" lufi.conf && \ +sed -i "202 s/#/ /g" lufi.conf + +echo "**********************************************************************" +echo " *" +echo "Run the Application *" +echo " *" 
+echo "**********************************************************************" + +$SUDO carton exec hypnotoad script/lufi diff --git a/.provision/terraform-aws-lufi/main.tf b/.provision/terraform-aws-lufi/main.tf index f4b7de5..cd46982 100644 --- a/.provision/terraform-aws-lufi/main.tf +++ b/.provision/terraform-aws-lufi/main.tf @@ -1,5 +1,15 @@ +locals { + user_data_vars = { + user = var.lufi_owner + group = var.lufi_group + directory = var.app_dir + contact_lufi = var.contact + report_lufi = var.report + } +} + #Create the VPC -resource "aws_vpc" "MAIN" { +resource "aws_vpc" "vpc" { cidr_block = "${var.vpc_cidr}" enable_dns_hostnames = true enable_dns_support = true @@ -12,7 +22,7 @@ resource "aws_vpc" "MAIN" { # Create InternetGateWay and attach to VPC resource "aws_internet_gateway" "IGW" { - vpc_id = "${aws_vpc.MAIN.id}" + vpc_id = "${aws_vpc.vpc.id}" tags = { "Name" = "lufi-master-igw" } @@ -21,7 +31,7 @@ resource "aws_internet_gateway" "IGW" { # Create a public subnet resource "aws_subnet" "publicsubnet" { - vpc_id = "${aws_vpc.MAIN.id}" + vpc_id = "${aws_vpc.vpc.id}" cidr_block = "${var.public_subnet_cidr}" map_public_ip_on_launch = true tags = { @@ -30,8 +40,8 @@ resource "aws_subnet" "publicsubnet" { } # Create routeTable -resource "aws_route_table" "publicroute" { - vpc_id = "${aws_vpc.MAIN.id}" +resource "aws_route_table" "public" { + vpc_id = "${aws_vpc.vpc.id}" route { cidr_block = "0.0.0.0/0" gateway_id = "${aws_internet_gateway.IGW.id}" 
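Review bot: The config edits near the end of the hunk (`sed -i "192 , 194 s/#/ /g" lufi.conf` through line 202) patch `lufi.conf.template` by absolute line number, while `version=$(curl -s ... | head -1)` always fetches the newest release, so any release that shifts those lines will silently uncomment the wrong options; pin the release (and verify the downloaded archive) and match option names rather than line numbers. `curl -s` without `-f` and no check on `$version` means an API error yields an empty version and a broken `wget` URL; `version=$(curl -fsS https://framagit.org/api/v4/projects/1998/releases | jq -r '.[0].name')` followed by `[ -n "$version" ] && [ "$version" != "null" ] || exit 1` fails early instead. `${contact_lufi}` and `${report_lufi}` are Terraform-interpolated straight into sed expressions and then into what appears to be a Perl config, so a `/`, `&` or `'` in either value (the README allows a URL here) corrupts the command or the config — write them with a delimiter-safe pattern or render the file from a template instead of sed. Every step runs through `sudo`, including `carton exec hypnotoad script/lufi`, and `chown`/`chgrp` are not recursive, so the application runs as root over a root-owned tree despite `${user}`/`${group}` being passed in; `chown -R ${user}:${group} lufi-$version` and starting the service with `sudo -u ${user}` would match the intent. Changing the listen address from 127.0.0.1 to 0.0.0.0 while the security group in main.tf is described as "allow all traffic" exposes the application port directly, and nginx is installed but nothing in this script configures it as a front.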
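Review bot: The new `locals` block feeds `var.app_dir`, `var.lufi_owner`, `var.lufi_group`, `var.contact` and `var.report` into `lufi_startup.sh`, but the vars.tf hunk in this same commit declares all five with `default = ""`, so a plain `terraform apply` renders `pushd ` and `chown  lufi-…` and replaces `contact.example.com` with an empty string. Drop the empty defaults so Terraform prompts for the values, or give them the defaults the README documents (`/var/www/`, `www-data`). The README's copy of this block also lists `git_branch = var.project_version`, which the locals here do not define; one of the two should be corrected. Keep in mind that `user_data` is readable through the EC2 API and that changing it replaces the instance by default, so nothing secret should be rendered into it and config edits are destructive.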
@@ -43,14 +53,14 @@ resource "aws_route_table" "publicroute" { } resource "aws_main_route_table_association" "mainRTB" { - vpc_id = "${aws_vpc.MAIN.id}" - route_table_id = "${aws_route_table.publicroute.id}" + vpc_id = "${aws_vpc.vpc.id}" + route_table_id = "${aws_route_table.public.id}" } ## Create security group resource "aws_security_group" "security" { name = "lufi-master-sg" description = "allow all traffic" - vpc_id = "${aws_vpc.MAIN.id}" + vpc_id = "${aws_vpc.vpc.id}" ingress { description = "allow all traffic" @@ -82,45 +92,28 @@ resource "aws_key_pair" "genkey" { public_key = "${file(var.public_key)}" } +# Add ubuntu AMI +data "aws_ami" "ubuntu" { + most_recent = true + owners = ["099720109477"] + + filter { + name = "name" + values = ["ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-*"] + } +} + # Craete ec2 instance resource "aws_instance" "ec2_instance" { - ami = "ami-04505e74c0741db8d" + ami = "${data.aws_ami.ubuntu.id}" instance_type = "t2.medium" associate_public_ip_address = "true" subnet_id = "${aws_subnet.publicsubnet.id}" vpc_security_group_ids = ["${aws_security_group.security.id}"] + user_data = templatefile("${path.module}/lufi_startup.sh", local.user_data_vars) key_name = "lufi.webapp" - - connection { - agent = false - type = "ssh" - host = aws_instance.ec2_instance.public_dns - private_key = "${file(var.private_key)}" - user = "${var.user}" - } - - provisioner "remote-exec" { - inline = [ - "sudo apt update -y", - "sudo apt install python3.9 -y", - ] - } - - provisioner "local-exec" { - command = < hosts && \ - echo "[Lufi]" | tee -a hosts && \ - echo "${aws_instance.ec2_instance.public_ip} ansible_user=${var.user} ansible_ssh_private_key_file=${var.private_key}" | tee -a hosts && \ - export ANSIBLE_HOST_KEY_CHECKING=False && \ - ansible-playbook -u ${var.user} --private-key ${var.private_key} -i hosts site.yml - EOT - } tags = { Name = "${var.instance_name}" } } - - - 
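Review bot: `data "aws_ami" "ubuntu"` with `most_recent = true` and a wildcard name filter makes the AMI id drift between applies, and since `ami` on `aws_instance` forces replacement, a later apply can recreate the instance and lose whatever was uploaded under `app_dir`; add `lifecycle { ignore_changes = [ami] }` to `aws_instance.ec2_instance` or pin the filter to a dated image name. The owner id `099720109477` is Canonical's account, but a one-line comment saying so would spare the next reader a lookup. The new `ami = "${data.aws_ami.ubuntu.id}"` and the renamed `"${aws_vpc.vpc.id}"` references in the earlier main.tf hunks use the legacy interpolation-only string form that Terraform 0.12+ warns about; with the provider now pinned to `~> 3.0` they can be written `ami = data.aws_ami.ubuntu.id`.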
diff --git a/.provision/terraform-aws-lufi/provider.tf b/.provision/terraform-aws-lufi/provider.tf index 22f192f..d037bd2 100644 --- a/.provision/terraform-aws-lufi/provider.tf +++ b/.provision/terraform-aws-lufi/provider.tf @@ -1,3 +1,12 @@ +terraform { + required_providers { + aws = { + source = "hashicorp/aws" + version = "~> 3.0" + } + } +} + provider "aws" { access_key = "${var.aws_access_key}" secret_key = "${var.aws_secret_key}" diff --git a/.provision/terraform-aws-lufi/vars.tf b/.provision/terraform-aws-lufi/vars.tf index f2bfde5..e944c0e 100644 --- a/.provision/terraform-aws-lufi/vars.tf +++ b/.provision/terraform-aws-lufi/vars.tf @@ -33,4 +33,23 @@ variable "instance_name" { default = "instance_name" } +variable "lufi_owner" { + default = "" +} + +variable "lufi_group" { + default = "" +} + +variable "app_dir" { + default = "" +} + +variable "contact" { + default = "" +} + +variable "report" { + default = "" +}
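Review bot: The new `terraform` block pins the provider but not Terraform itself; add `required_version = ">= 0.13"` (or whichever version this was tested with) next to `required_providers`, since the `source` attribute form used here needs 0.13 or later, and commit the `.terraform.lock.hcl` that `terraform init` writes so the provider build is reproducible. The `provider "aws"` block below still takes `access_key`/`secret_key` from variables; that is unchanged by this commit, but while the provider configuration is being touched it would be the moment to rely on the default credential chain (environment, shared config or instance profile) and drop those variables, so keys never end up in a tfvars file or the plan output.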