diff --git a/.provision/README.md b/.provision/README.md
index ec3712f..5055111 100644
--- a/.provision/README.md
+++ b/.provision/README.md
@@ -4,4 +4,4 @@ An ansible role deploy the application on host machine(Ubuntu 20.04)
## terraform-aws-lufi
-A terraform plan creates necessary AWS infrastructure and deploy the lufi. This terraform plan uses the above ansible roles `ansible-role-lufi` to configure the application on AWS.
+A terraform plan creates necessary AWS infrastructure and deploy the lufi. This terraform plan uses the `lufi_startup.sh` script to deploy application on AWS and also uses above ansible roles `ansible-role-lufi` to configure the application on AWS.
\ No newline at end of file
diff --git a/.provision/ansible-role-lufi/README.md b/.provision/ansible-role-lufi/README.md
index ee540e0..e943dda 100644
--- a/.provision/ansible-role-lufi/README.md
+++ b/.provision/ansible-role-lufi/README.md
@@ -9,10 +9,10 @@ Role Variables
| `app_dir` | /var/www/lufi | Set the application directory for the best practice |
| `lufi_owner` | www-data | Set the application user for the best practice |
| `lufi_group` | www-data | Set the application group for the best practice |
-| `contact` | contact.example.com | Contact option (mandatory), where you have to put some way for the users to contact you. |
-| `report` | report@example.com | report option (mandatory) Put an email address or an URL to let people report illegal files |
-| `project_version` | master | We can chose the project version either Master branch, Dev branch or tag based |
-| `servername` | IP address (or) CNAME/FQDN | Mention the Server Name for the Nginx configurations |
+| `_contact` | contact.example.com | Contact option (mandatory), where you have to put some way for the users to contact you. |
+| `_report` | report@example.com | report option (mandatory) Put an email address or an URL to let people report illegal files |
+| `_project_version` | master | We can chose the project version either Master branch, Dev branch or tag based |
+| `_server_name` | IP address (or) CNAME/FQDN | Mention the Server Name for the Nginx configurations |
Sample example of use in a playbook
--------------
diff --git a/.provision/ansible-role-lufi/tasks/apprun.yml b/.provision/ansible-role-lufi/tasks/apprun.yml
index 6038d0e..4728886 100644
--- a/.provision/ansible-role-lufi/tasks/apprun.yml
+++ b/.provision/ansible-role-lufi/tasks/apprun.yml
@@ -6,7 +6,7 @@
chdir: "{{ app_dir }}"
- name: Upload application file
- template:
+ ansible.builtin.template:
src: ../templates/lufi.conf.j2
dest: "{{ app_dir }}/lufi.conf"
@@ -16,7 +16,7 @@
chdir: "{{ app_dir }}"
- name: Nginx configuration file add
- template:
+ ansible.builtin.template:
src: ../templates/app.conf
dest: /etc/nginx/conf.d/
mode: '0644'
diff --git a/.provision/ansible-role-lufi/tasks/dependencies.yml b/.provision/ansible-role-lufi/tasks/dependencies.yml
index 04272af..cc4ca9c 100644
--- a/.provision/ansible-role-lufi/tasks/dependencies.yml
+++ b/.provision/ansible-role-lufi/tasks/dependencies.yml
@@ -1,5 +1,7 @@
+#dependencies.yml
+---
- name: Install Dependencies
- apt:
+ ansible.builtin.apt:
name:
- nginx
- build-essential
@@ -12,6 +14,6 @@
state: present
- name: Install Postgress Dev Packages
- apt:
+ ansible.builtin.apt:
name:
- libpq-dev
\ No newline at end of file
diff --git a/.provision/ansible-role-lufi/templates/lufi.conf.j2 b/.provision/ansible-role-lufi/templates/lufi.conf.j2
index 45dfbe8..9b9ee5f 100644
--- a/.provision/ansible-role-lufi/templates/lufi.conf.j2
+++ b/.provision/ansible-role-lufi/templates/lufi.conf.j2
@@ -21,12 +21,12 @@
# Put a way to contact you here and uncomment it
# You can put some HTML in it
# MANDATORY
- contact => 'Contact page',
+ contact => 'Contact page',
# Put an URL or an email address to receive file reports and uncomment it
# It's for make reporting illegal files easy for users
# MANDATORY
- report => '{{ report }}',
+ report => '{{ _report }}',
# Array of random strings used to encrypt cookies
# optional, default is ['fdjsofjoihrei'], PLEASE, CHANGE IT
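Review bot: `report => '{{ _report }}',` places the variable unescaped inside a single-quoted string of the generated config, so a value containing `'` or ending in `\` closes the literal early. The file uses Perl hash syntax and is presumably evaluated as code, in which case the remainder would be parsed as configuration code rather than data. Because the README allows either a URL or an e-mail address here, I would validate `_report` before templating, for example with an `ansible.builtin.assert` task that rejects quotes, backslashes and newlines, or escape those characters in the template. The `contact` line above still renders the fixed text `'Contact page'` as far as this hunk shows, so please confirm that the renamed `_contact` variable is actually consumed.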
diff --git a/.provision/ansible-role-lufi/vars/main.yml b/.provision/ansible-role-lufi/vars/main.yml
index dff6c35..04df23c 100644
--- a/.provision/ansible-role-lufi/vars/main.yml
+++ b/.provision/ansible-role-lufi/vars/main.yml
@@ -5,12 +5,12 @@ lufi_owner: "www-data"
lufi_group: "www-data"
-contact: "contact.example.com"
+app_dir: ""
-report: "report@example.com"
+_contact: "contact.example.com"
-app_dir: ""
+_report: "report@example.com"
-project_version: ""
+_project_version: ""
-servername: ""
+_servername: ""
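Review bot: The key added here is `_servername`, but the role README changed in this same commit documents `_server_name`, so a playbook written from the README sets a variable the role never reads. Pick one spelling and use it in both places. The only template reference updated in this diff is `report` → `_report` in `lufi.conf.j2`. If `templates/app.conf` or the tasks still refer to `servername`, `project_version` or `contact`, the play will stop on an undefined variable, so those references should be checked before merging.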
diff --git a/.provision/terraform-aws-lufi/README.md b/.provision/terraform-aws-lufi/README.md
index e3b9d26..c5a5161 100644
--- a/.provision/terraform-aws-lufi/README.md
+++ b/.provision/terraform-aws-lufi/README.md
@@ -16,3 +16,71 @@
| `aws_access_key` | AWSACCESSKEY | Enter your aws access key |
| `aws_secrete_key` | AWSSECRETEKEY | Enter your aws secrete key |
| `instance_name` | Lufi_app_instance | Set the name for instance |
+| `app_dir` | /var/www/ | Set the application directory for the best practice |
+| `lufi_owner` | www-data | Set the application user for the best practice |
+| `lufi_group` | www-data | Set the application group for the best practice |
+| `contact` | contact.example.com | Contact option (mandatory), where you have to put some way for the users to contact you. |
+| `report` | report@example.com | report option (mandatory) Put an email address or an URL to let people report illegal files |
+
+
+## Usage of terraform plan with lufi deploy script
+
+```sh
+git clone https://framagit.org/fiat-tux/hat-softwares/lufi.git
+
+cd lufi/.provision/terraform-aws-lufi
+
+terraform init
+terraform plan
+terraform apply
+```
+## Usage of terraform plan with ansible role
+
+- Comment out the below `data template` and `user_data` source in __main.tf__ file
+
+```hcl
+locals {
+ user_data_vars = {
+ user = var.lufi_owner
+ group = var.lufi_group
+ directory = var.app_dir
+ git_branch = var.project_version
+ contact_lufi = var.contact
+ report_lufi = var.report
+ }
+}
+```
+
+```hcl
+user_data = templatefile("${path.module}/lufi_startup.sh", local.user_data_vars)
+```
+
+- Add the below provisioner data in __main.tf__ file at the `aws_instance` resource
+
+```sh
+ connection {
+ agent = false
+ type = "ssh"
+ host = aws_instance.ec2_instance.public_dns
+ private_key = "${file(var.private_key)}"
+ user = "${var.user}"
+ }
+
+ provisioner "remote-exec" {
+ inline = [
+ "sudo apt update -y",
+ "sudo apt install python3.9 -y",
+ ]
+ }
+
+ provisioner "local-exec" {
+ command = < hosts && \
+ echo "[Lufi]" | tee -a hosts && \
+ echo "${aws_instance.ec2_instance.public_ip} ansible_user=${var.user} ansible_ssh_private_key_file=${var.private_key}" | tee -a hosts && \
+ export ANSIBLE_HOST_KEY_CHECKING=False && \
+ ansible-playbook -u ${var.user} --private-key ${var.private_key} -i hosts site.yml
+ EOT
+ }
+```
\ No newline at end of file
diff --git a/.provision/terraform-aws-lufi/lufi_startup.sh b/.provision/terraform-aws-lufi/lufi_startup.sh
new file mode 100644
index 0000000..3c89c0c
--- /dev/null
+++ b/.provision/terraform-aws-lufi/lufi_startup.sh
@@ -0,0 +1,59 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+echo "**********************************************************************"
+echo " *"
+echo "Install dependencies *"
+echo " *"
+echo "**********************************************************************"
+
+SUDO=sudo
+$SUDO apt update
+$SUDO apt install jq wget unzip carton build-essential nginx libssl-dev libio-socket-ssl-perl liblwp-protocol-https-perl zlib1g-dev libmojo-sqlite-perl libpq-dev -y
+
+echo "**********************************************************************"
+echo " *"
+echo "Configuring the Application *"
+echo " *"
+echo "**********************************************************************"
+
+sleep 10;
+version=$(curl -s https://framagit.org/api/v4/projects/1998/releases | jq '.[]' | jq -r '.name' | head -1)
+echo $version
+pushd ${directory}
+$SUDO wget https://framagit.org/fiat-tux/hat-softwares/lufi/-/archive/$version/lufi-$version.zip
+$SUDO unzip lufi-$version.zip
+$SUDO chown ${user} lufi-$version
+$SUDO chgrp ${group} lufi-$version
+pushd lufi-$version
+
+echo "**********************************************************************"
+echo " *"
+echo "Install Carton Packages *"
+echo " *"
+echo "**********************************************************************"
+
+$SUDO carton install --deployment --without=test --without=sqlite --without=mysql
+
+sleep 10;
+
+$SUDO cp lufi.conf.template lufi.conf
+
+sed -i 's/127.0.0.1/0.0.0.0/' lufi.conf
+sed -i 's/#contact/contact/g' lufi.conf
+sed -i "s/contact.example.com/${contact_lufi}/g" lufi.conf
+sed -i 's/#report/report/' -i lufi.conf
+sed -i "s/report@example.com/${report_lufi}/g" lufi.conf
+sed -i "192 , 194 s/#/ /g" lufi.conf && \
+sed -i "195 s/# / /g" lufi.conf && \
+sed -i "196 , 198 s/#/ /g" lufi.conf && \
+sed -i "199 , 201 s/# / /g" lufi.conf && \
+sed -i "202 s/#/ /g" lufi.conf
+
+echo "**********************************************************************"
+echo " *"
+echo "Run the Application *"
+echo " *"
+echo "**********************************************************************"
+
+$SUDO carton exec hypnotoad script/lufi
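Review bot: The archive downloaded here is whichever release the framagit API lists first at boot time, and it is unzipped and handed to `$SUDO carton install` with no integrity check, so two instances built from the same plan can run different, unreviewed code with root privileges. I would pass a pinned version and its expected digest in through `user_data_vars` and verify before unpacking, e.g. `echo "<expected-sha256>  lufi-$version.zip" | sha256sum -c -`. `sed -i 's/127.0.0.1/0.0.0.0/' lufi.conf` also makes hypnotoad listen on every interface, exposing the application port directly rather than through the nginx installed above; keeping the loopback bind and proxying from nginx is the safer default. The `sed "s/…/${report_lufi}/g"` substitutions use `/` as the delimiter, so a report URL (which the README allows) makes sed fail and the script abort under `set -e`. The line-numbered edits (`192 , 194` through `202`) will uncomment the wrong lines as soon as the upstream template shifts, so matching on the setting names would be sturdier.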
diff --git a/.provision/terraform-aws-lufi/main.tf b/.provision/terraform-aws-lufi/main.tf
index f4b7de5..cd46982 100644
--- a/.provision/terraform-aws-lufi/main.tf
+++ b/.provision/terraform-aws-lufi/main.tf
@@ -1,5 +1,15 @@
+locals {
+ user_data_vars = {
+ user = var.lufi_owner
+ group = var.lufi_group
+ directory = var.app_dir
+ contact_lufi = var.contact
+ report_lufi = var.report
+ }
+}
+
#Create the VPC
-resource "aws_vpc" "MAIN" {
+resource "aws_vpc" "vpc" {
cidr_block = "${var.vpc_cidr}"
enable_dns_hostnames = true
enable_dns_support = true
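Review bot: Changing the resource address from `aws_vpc.MAIN` to `aws_vpc.vpc` (and `aws_route_table.publicroute` to `public` in a later hunk) is not a pure rename for anyone with existing state. Terraform will plan to destroy the old VPC and route table and create new ones, taking the dependent resources with them. Either document a `terraform state mv aws_vpc.MAIN aws_vpc.vpc` step for existing deployments or, on Terraform 1.1 and later, add a `moved` block with `from = aws_vpc.MAIN` and `to = aws_vpc.vpc`, and likewise for the route table. The `aws_vpc` body continues past the end of this hunk.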
@@ -12,7 +22,7 @@ resource "aws_vpc" "MAIN" {
# Create InternetGateWay and attach to VPC
resource "aws_internet_gateway" "IGW" {
- vpc_id = "${aws_vpc.MAIN.id}"
+ vpc_id = "${aws_vpc.vpc.id}"
tags = {
"Name" = "lufi-master-igw"
}
@@ -21,7 +31,7 @@ resource "aws_internet_gateway" "IGW" {
# Create a public subnet
resource "aws_subnet" "publicsubnet" {
- vpc_id = "${aws_vpc.MAIN.id}"
+ vpc_id = "${aws_vpc.vpc.id}"
cidr_block = "${var.public_subnet_cidr}"
map_public_ip_on_launch = true
tags = {
@@ -30,8 +40,8 @@ resource "aws_subnet" "publicsubnet" {
}
# Create routeTable
-resource "aws_route_table" "publicroute" {
- vpc_id = "${aws_vpc.MAIN.id}"
+resource "aws_route_table" "public" {
+ vpc_id = "${aws_vpc.vpc.id}"
route {
cidr_block = "0.0.0.0/0"
gateway_id = "${aws_internet_gateway.IGW.id}"
@@ -43,14 +53,14 @@ resource "aws_route_table" "publicroute" {
}
resource "aws_main_route_table_association" "mainRTB" {
- vpc_id = "${aws_vpc.MAIN.id}"
- route_table_id = "${aws_route_table.publicroute.id}"
+ vpc_id = "${aws_vpc.vpc.id}"
+ route_table_id = "${aws_route_table.public.id}"
}
## Create security group
resource "aws_security_group" "security" {
name = "lufi-master-sg"
description = "allow all traffic"
- vpc_id = "${aws_vpc.MAIN.id}"
+ vpc_id = "${aws_vpc.vpc.id}"
ingress {
description = "allow all traffic"
@@ -82,45 +92,28 @@ resource "aws_key_pair" "genkey" {
public_key = "${file(var.public_key)}"
}
+# Add ubuntu AMI
+data "aws_ami" "ubuntu" {
+ most_recent = true
+ owners = ["099720109477"]
+
+ filter {
+ name = "name"
+ values = ["ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-*"]
+ }
+}
+
# Craete ec2 instance
resource "aws_instance" "ec2_instance" {
- ami = "ami-04505e74c0741db8d"
+ ami = "${data.aws_ami.ubuntu.id}"
instance_type = "t2.medium"
associate_public_ip_address = "true"
subnet_id = "${aws_subnet.publicsubnet.id}"
vpc_security_group_ids = ["${aws_security_group.security.id}"]
+ user_data = templatefile("${path.module}/lufi_startup.sh", local.user_data_vars)
key_name = "lufi.webapp"
-
- connection {
- agent = false
- type = "ssh"
- host = aws_instance.ec2_instance.public_dns
- private_key = "${file(var.private_key)}"
- user = "${var.user}"
- }
-
- provisioner "remote-exec" {
- inline = [
- "sudo apt update -y",
- "sudo apt install python3.9 -y",
- ]
- }
-
- provisioner "local-exec" {
- command = < hosts && \
- echo "[Lufi]" | tee -a hosts && \
- echo "${aws_instance.ec2_instance.public_ip} ansible_user=${var.user} ansible_ssh_private_key_file=${var.private_key}" | tee -a hosts && \
- export ANSIBLE_HOST_KEY_CHECKING=False && \
- ansible-playbook -u ${var.user} --private-key ${var.private_key} -i hosts site.yml
- EOT
- }
tags = {
Name = "${var.instance_name}"
}
}
-
-
-
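Review bot: With the SSH `connection` block and both provisioners removed, nothing in the plan needs to reach the instance over SSH any more, yet `ec2_instance` keeps a public IP and the `security` group whose description reads "allow all traffic" (its rules are outside this hunk, so the breadth is inferred from that description). I would narrow ingress to the web ports plus SSH from an administrator CIDR. I would also add `metadata_options { http_tokens = "required" }` to the instance so that a flaw in the public-facing upload service cannot be used to read instance metadata, including this user data, over IMDSv1. Note as well that `templatefile()` places `var.contact` and `var.report` verbatim into a script that runs at first boot with root privileges, so those inputs need validating where they are declared.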
diff --git a/.provision/terraform-aws-lufi/provider.tf b/.provision/terraform-aws-lufi/provider.tf
index 22f192f..d037bd2 100644
--- a/.provision/terraform-aws-lufi/provider.tf
+++ b/.provision/terraform-aws-lufi/provider.tf
@@ -1,3 +1,12 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 3.0"
+ }
+ }
+}
+
provider "aws" {
access_key = "${var.aws_access_key}"
secret_key = "${var.aws_secret_key}"
diff --git a/.provision/terraform-aws-lufi/vars.tf b/.provision/terraform-aws-lufi/vars.tf
index f2bfde5..e944c0e 100644
--- a/.provision/terraform-aws-lufi/vars.tf
+++ b/.provision/terraform-aws-lufi/vars.tf
@@ -33,4 +33,23 @@ variable "instance_name" {
default = "instance_name"
}
+variable "lufi_owner" {
+ default = ""
+}
+
+variable "lufi_group" {
+ default = ""
+}
+
+variable "app_dir" {
+ default = ""
+}
+
+variable "contact" {
+ default = ""
+}
+
+variable "report" {
+ default = ""
+}
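Review bot: All five new variables default to `""`, while the README lists `/var/www/` and `www-data` as their defaults. With the empty values the boot script renders `pushd ` and `$SUDO chown  lufi-$version`, both of which fail and stop the script under `set -euo pipefail`, leaving an instance with no application running. Give `app_dir`, `lufi_owner` and `lufi_group` the documented defaults, and remove the default from `contact` and `report` so Terraform requires the mandatory values to be supplied. Because these strings are spliced into a shell script executed as root, each variable would also benefit from `type = string` and a `validation` block that rejects quotes, whitespace, `$` and backticks.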