fix(ahoyworld): droplet configs, add eng clt VMs

freeCodeCamp · Oct 27, 2024 · 4ff6a38 · 4ff6a38
1 parent a1a7d88
commit 4ff6a38
Show file tree

Hide file tree

Showing 6 changed files with 232 additions and 33 deletions.
diff --git a/terraform/stg-cluster-ahoyworld/cloud-init--userdata.yml.tftpl b/terraform/stg-cluster-ahoyworld/cloud-init--userdata.yml.tftpl
@@ -0,0 +1,41 @@
+#cloud-config
+merge_how:
+  - name: list
+    settings: [append]
+  - name: dict
+    settings: [no_replace, recurse_list]
+# -- allow root login temporarily for remote-exec, where we need to run as root.
+disable_root: false
+# -- allow root login temporarily for remote-exec, where we need to run as root.
+ssh_pwauth: false
+allow_public_ssh_keys: true
+
+users:
+  - name: freecodecamp
+    groups:
+      - sudo
+      - docker
+    shell: /bin/bash
+    sudo: "ALL=(ALL) NOPASSWD:ALL"
+    ssh_import_id:
+      - gh:camperbot
+      - gh:raisedadead
+
+preserve_hostname: true
+fqdn: ${tf_fqdn}
+hostname: ${tf_hostname}
+prefer_fqdn_over_hostname: true
+create_hostname_file: true
+
+# Add DNS resolver configuration
+# network:
+#   version: 2
+#   ethernets:
+#     eth0:
+#       dhcp4: true
+#       nameservers:
+#         addresses:
+#           - 1.1.1.1
+#           - 1.0.0.1
+
+final_message: "Setup complete"
diff --git a/terraform/stg-cluster-ahoyworld/droplets-01-pxy.tf b/terraform/stg-cluster-ahoyworld/droplets-01-pxy.tf
@@ -0,0 +1,72 @@
+resource "digitalocean_droplet" "stg_ahoyworld_pxy" {
+  count = local.pxy_node_count
+  name  = "stg-vm-ahoyworld-pxy-${count.index + 1}"
+  tags  = ["stg", "ahoyworld", "pxy", "stg_ahoyworld_pxy"]
+
+  image    = data.hcp_packer_artifact.do_ubuntu.external_identifier
+  size     = "s-2vcpu-4gb"
+  region   = "nyc3"
+  vpc_uuid = digitalocean_vpc.stg_vpc.id
+
+  ssh_keys = [for ssh_key in data.digitalocean_ssh_key.stg_ssh_keys : ssh_key.id]
+
+  user_data = templatefile("${path.root}/cloud-init--userdata.yml.tftpl", {
+    tf_fqdn     = "pxy-${count.index + 1}.ahoyworld.stg.${local.zone}"
+    tf_hostname = "pxy-stg-${count.index + 1}"
+  })
+
+  # -- All of the provisioning should be done via cloud-init, this is just to setup the reboot.
+  connection {
+    host        = self.ipv4_address
+    user        = "root"
+    private_key = var.ssh_terraform_ed25519_private_key
+    timeout     = "2m"
+  }
+  provisioner "remote-exec" {
+    inline = [
+      # Wait for cloud-init to finish.
+      "while [ ! -f /var/lib/cloud/instance/boot-finished ]; do echo 'Waiting for cloud-init...'; sleep 1; done",
+      "echo Current hostname...; hostname",
+      "shutdown -r +1 'Terraform: Rebooting to apply hostname change in 1 min.'"
+    ]
+  }
+  provisioner "remote-exec" {
+    # This is just to verify the reboot worked.
+    inline = [
+      "uptime"
+    ]
+  }
+  provisioner "remote-exec" {
+    inline = [
+      # Disable root login by setting PermitRootLogin to 'no' in sshd_config
+      "sed -i 's/^PermitRootLogin.*/PermitRootLogin no/' /etc/ssh/sshd_config",
+      # Restart SSH service to apply changes
+      "systemctl restart ssh"
+    ]
+  }
+  # -- All of the provisioning should be done via cloud-init, this is just to setup the reboot.
+}
+
+resource "cloudflare_record" "stg_ahoyworld_pxy_dns__public" {
+  count = local.pxy_node_count
+
+  zone_id = data.cloudflare_zone.cf_zone.id
+  type    = "A"
+  proxied = false
+  ttl     = 120
+
+  name    = "pxy-${count.index + 1}.ahoyworld.stg.${var.network_subdomain}"
+  content = digitalocean_droplet.stg_ahoyworld_pxy[count.index].ipv4_address
+}
+
+resource "cloudflare_record" "stg_ahoyworld_pxy_dns__private" {
+  count = local.pxy_node_count
+
+  zone_id = data.cloudflare_zone.cf_zone.id
+  type    = "A"
+  proxied = false
+  ttl     = 120
+
+  name    = "pxy-${count.index + 1}.ahoyworld.stg"
+  content = digitalocean_droplet.stg_ahoyworld_pxy[count.index].ipv4_address_private
+}
diff --git a/terraform/stg-cluster-ahoyworld/droplets-03-clt.tf b/terraform/stg-cluster-ahoyworld/droplets-03-clt.tf
@@ -0,0 +1,73 @@
+resource "digitalocean_droplet" "stg_ahoyworld_clt" {
+  for_each = { for i in local.clt_instances : i.instance => i }
+
+  name = "stg-vm-ahoyworld-clt-${each.value.instance}"
+  tags = ["stg", "ahoyworld", "clt", "stg_ahoyworld_clt", "${each.value.name}"]
+
+  image    = data.hcp_packer_artifact.do_ubuntu.external_identifier
+  size     = "s-2vcpu-4gb"
+  region   = "nyc3"
+  vpc_uuid = digitalocean_vpc.stg_vpc.id
+
+  ssh_keys = [for ssh_key in data.digitalocean_ssh_key.stg_ssh_keys : ssh_key.id]
+
+  user_data = templatefile("${path.root}/cloud-init--userdata.yml.tftpl", {
+    tf_fqdn     = "clt-${each.value.instance}.ahoyworld.stg.${local.zone}"
+    tf_hostname = "clt-stg-${each.value.instance}"
+  })
+
+  # -- All of the provisioning should be done via cloud-init, this is just to setup the reboot.
+  connection {
+    host        = self.ipv4_address
+    user        = "root"
+    private_key = var.ssh_terraform_ed25519_private_key
+    timeout     = "2m"
+  }
+  provisioner "remote-exec" {
+    inline = [
+      # Wait for cloud-init to finish.
+      "while [ ! -f /var/lib/cloud/instance/boot-finished ]; do echo 'Waiting for cloud-init...'; sleep 1; done",
+      "echo Current hostname...; hostname",
+      "shutdown -r +1 'Terraform: Rebooting to apply hostname change in 1 min.'"
+    ]
+  }
+  provisioner "remote-exec" {
+    # This is just to verify the reboot worked.
+    inline = [
+      "uptime"
+    ]
+  }
+  provisioner "remote-exec" {
+    inline = [
+      # Disable root login by setting PermitRootLogin to 'no' in sshd_config
+      "sed -i 's/^PermitRootLogin.*/PermitRootLogin no/' /etc/ssh/sshd_config",
+      # Restart SSH service to apply changes
+      "systemctl restart ssh"
+    ]
+  }
+  # -- All of the provisioning should be done via cloud-init, this is just to setup the reboot.
+}
+
+resource "cloudflare_record" "stg_ahoyworld_clt_dns__public" {
+  for_each = { for i in local.clt_instances : i.instance => i }
+
+  zone_id = data.cloudflare_zone.cf_zone.id
+  type    = "A"
+  proxied = false
+  ttl     = 120
+
+  name    = "clt-${each.value.instance}.ahoyworld.stg.${var.network_subdomain}"
+  content = digitalocean_droplet.stg_ahoyworld_clt[each.key].ipv4_address
+}
+
+resource "cloudflare_record" "stg_ahoyworld_clt_dns__private" {
+  for_each = { for i in local.clt_instances : i.instance => i }
+
+  zone_id = data.cloudflare_zone.cf_zone.id
+  type    = "A"
+  proxied = false
+  ttl     = 120
+
+  name    = "clt-${each.value.instance}.ahoyworld.stg"
+  content = digitalocean_droplet.stg_ahoyworld_clt[each.key].ipv4_address_private
+}
diff --git a/terraform/stg-cluster-ahoyworld/main.tf b/terraform/stg-cluster-ahoyworld/main.tf
@@ -22,6 +22,15 @@ data "cloudflare_zone" "cf_zone" {
 #   }
 # }
 
+locals {
+  ssh_accounts = ["ssh-service-camperbot-ed25519", "ssh-service-terraform-ed25519"]
+}
+
+data "digitalocean_ssh_key" "stg_ssh_keys" {
+  for_each = toset(local.ssh_accounts)
+  name     = each.value
+}
+
 locals {
   pxy_node_count = 3 # number of proxy nodes
   api_node_count = 3 # number of api nodes
@@ -30,46 +39,24 @@ locals {
 }
 
 locals {
-  ipam_block_pxy = 10  # 10.0.0.11, 10.0.0.12, ...
-  ipam_block_api = 20  # 10.0.0.21, 10.0.0.22, ...
-  ipam_block_clt = 40  # 10.0.0.41, 10.0.0.42, ...
-  ipam_block_nws = 100 # 10.0.0.100, 10.0.0.102, ...
-  ipam_block_jms = 120 # 10.0.0.120, 10.0.0.121, ...
-}
-
-// When removing an item, DO NOT change the IPAM number.
-locals {
-  nws_instances = {
-    # eng = { name = "eng", ipam_id = 0 }, # 10.0.0.100
-    chn = { name = "chn", ipam_id = 1 }, # 10.0.0.101
-    esp = { name = "esp", ipam_id = 2 }, # ...
-    ita = { name = "ita", ipam_id = 3 },
-    jpn = { name = "jpn", ipam_id = 4 },
-    kor = { name = "kor", ipam_id = 5 },
-    por = { name = "por", ipam_id = 6 },
-    ukr = { name = "ukr", ipam_id = 7 },
-    # ger = { name = "ger", ipam_id = 8 }
-  }
-
   clt_config_meta = {
-    eng = { name = "eng", ipam_id = 0, node_count = local.clt_node_count },  # 10.0.0.40, 10.0.0.41, ...
-    chn = { name = "chn", ipam_id = 5, node_count = local.clt_node_count },  # 10.0.0.45, 10.0.0.46, ...
-    esp = { name = "esp", ipam_id = 10, node_count = local.clt_node_count }, # 10.0.0.50, 10.0.0.51, ...
-    ita = { name = "ita", ipam_id = 15, node_count = local.clt_node_count }, # 10.0.0.55, 10.0.0.56, ...
-    jpn = { name = "jpn", ipam_id = 20, node_count = local.clt_node_count }, # 10.0.0.60, 10.0.0.61, ...
-    # kor = { name = "kor", ipam_id = 6, node_count = local.clt_node_count },
-    por = { name = "por", ipam_id = 25, node_count = local.clt_node_count }, # 10.0.0.65, 10.0.0.66, ...
-    ukr = { name = "ukr", ipam_id = 30, node_count = local.clt_node_count }, # 10.0.0.70, 10.0.0.71, ...
-    ger = { name = "ger", ipam_id = 35, node_count = local.clt_node_count }, # 10.0.0.75, 10.0.0.76, ...
-    cnt = { name = "cnt", ipam_id = 40, node_count = local.clt_node_count }  # 10.0.0.80, 10.0.0.81, ...
-    swa = { name = "swa", ipam_id = 45, node_count = local.clt_node_count }  # 10.0.0.85, 10.0.0.86, ...
+    eng = { name = "eng", node_count = local.clt_node_count },
+    # chn = { name = "chn", node_count = local.clt_node_count },
+    # esp = { name = "esp", node_count = local.clt_node_count },
+    # ita = { name = "ita", node_count = local.clt_node_count },
+    # jpn = { name = "jpn", node_count = local.clt_node_count },
+    # # kor = { name = "kor", node_count = local.clt_node_count },
+    # por = { name = "por", node_count = local.clt_node_count },
+    # ukr = { name = "ukr", node_count = local.clt_node_count },
+    # ger = { name = "ger", node_count = local.clt_node_count },
+    # cnt = { name = "cnt", node_count = local.clt_node_count }
+    # swa = { name = "swa", node_count = local.clt_node_count }
   }
 
   clt_instances = flatten([
     [for k, v in local.clt_config_meta : [
       for i in range(v.node_count) : {
         name     = v.name
-        ipam_id  = v.ipam_id + i
         instance = "${k}-${i}"
       }
     ]],

diff --git a/terraform/stg-cluster-ahoyworld/project.tf b/terraform/stg-cluster-ahoyworld/project.tf
@@ -0,0 +1,14 @@
+resource "digitalocean_project" "stg_project" {
+  name        = "stg-ahoyworld"
+  description = "AhoyWorld staging resources."
+  purpose     = "Web Application"
+  environment = "Staging"
+}
+
+resource "digitalocean_project_resources" "stg_project_resources" {
+  project = digitalocean_project.stg_project.id
+  resources = flatten([
+    [for droplet in digitalocean_droplet.stg_ahoyworld_pxy : droplet.urn],
+    [for droplet in digitalocean_droplet.stg_ahoyworld_clt : droplet.urn]
+  ])
+}
diff --git a/terraform/stg-cluster-ahoyworld/variables.tf b/terraform/stg-cluster-ahoyworld/variables.tf
@@ -25,3 +25,15 @@ variable "cloudflare_account_id" {
   type        = string
   description = "Cloudflare Account ID"
 }
+
+variable "network_subdomain" {
+  description = "The subdomain for the network."
+  type        = string
+  sensitive   = true
+}
+
+variable "ssh_terraform_ed25519_private_key" {
+  type        = string
+  description = "The private key for the terraform account."
+  sensitive   = true
+}