From 51374f3eec4bf9234ad1dfaae6a9fb8d15ca4051 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nil=20G=C3=A0llego?= <73447234+nilgaar@users.noreply.github.com> Date: Sat, 13 Jul 2024 23:54:31 +0200 Subject: [PATCH 1/3] Develop (#2) * wip * chore: Update AWS VPC Terraform templates and workflows --- .github/workflows/deploy_aws_vpc.yml | 18 ++++++++++++++---- .gitignore | 1 + IaC/ansible/apache.yml | 27 +++++++++++++++++++++++++++ IaC/aws/terraform/awsEC2s.pub | 1 + IaC/aws/terraform/ec2.tf | 23 +++++++++++++++++++++++ IaC/aws/terraform/ec2_+_ebs.tf | 22 ---------------------- IaC/aws/terraform/key_pair.tf | 4 ++++ 7 files changed, 70 insertions(+), 26 deletions(-) create mode 100644 IaC/ansible/apache.yml create mode 100644 IaC/aws/terraform/awsEC2s.pub create mode 100644 IaC/aws/terraform/ec2.tf delete mode 100644 IaC/aws/terraform/ec2_+_ebs.tf create mode 100644 IaC/aws/terraform/key_pair.tf diff --git a/.github/workflows/deploy_aws_vpc.yml b/.github/workflows/deploy_aws_vpc.yml index 0203f56..08fadf3 100644 --- a/.github/workflows/deploy_aws_vpc.yml +++ b/.github/workflows/deploy_aws_vpc.yml @@ -9,17 +9,27 @@ on: workflow_dispatch: jobs: - build: + deploy: + name: Deploy Infrastructure runs-on: ubuntu-latest + env: + AWS_ACCESS_KEY_ID: ${{ secrets.AWS_INFRA_KEY_ID }} + AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_INFRA_KEY }} steps: - uses: actions/checkout@v3 + - uses: opentofu/setup-opentofu@v1.0.3 + name: Setup OpenTofu + - name: OpenTofu Setup and Validate run: | cd ./IaC/aws/terraform/ tofu init tofu validate tofu plan -var="AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID}" -var="AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY}" - env: - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_INFRA_KEY_ID }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_INFRA_KEY }} + + - name: Deploy VPC + if: github.ref == 'refs/heads/main' + run: | + cd ./IaC/aws/terraform/ + tofu apply -auto-approve -var="AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID}" -var="AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY}" 
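Review bot: Moving `env:` to job level hands `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` to every step of `deploy`, including the third-party `opentofu/setup-opentofu@v1.0.3` action, where the old step-level `env:` limited them to the tofu commands. Keep the `env:` block on the `OpenTofu Setup and Validate` and `Deploy VPC` steps only. The `-var="AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID}"` arguments also place the secret on the process command line; the AWS provider normally reads these two variables from the environment itself, so the `-var` flags can probably be dropped (the provider file is git-ignored, so confirm against it). `tofu apply -auto-approve` also builds a fresh plan instead of applying the one that was printed; `tofu plan -out=tfplan` followed by `tofu apply tfplan` keeps the reviewed plan and the applied plan identical.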
diff --git a/.gitignore b/.gitignore index e06d0dd..61b287c 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,2 @@ IaC/aws/terraform/_provider.tf +awsEC2s \ No newline at end of file diff --git a/IaC/ansible/apache.yml b/IaC/ansible/apache.yml new file mode 100644 index 0000000..1728955 --- /dev/null +++ b/IaC/ansible/apache.yml @@ -0,0 +1,27 @@ +- name: Install and start Apache + hosts: all + become: yes + tasks: + - name: Update apt repo and cache + apt: + update_cache: yes + cache_valid_time: 3600 + + - name: Install Apache + apt: + name: apache2 + state: present + + - name: Start and enable Apache + systemd: + name: apache2 + enabled: yes + state: started + + - name: Set up index.html + copy: + content: "

Deployed via Ansible

" + dest: /var/www/html/index.html + owner: www-data + group: www-data + mode: "0644" diff --git a/IaC/aws/terraform/awsEC2s.pub b/IaC/aws/terraform/awsEC2s.pub new file mode 100644 index 0000000..2e35383 --- /dev/null +++ b/IaC/aws/terraform/awsEC2s.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEPHgQtk6l3FROLb4x7Gj93xNo8F/m8kj9pQku5lIBLV nil@MacBook-Pro-de-Nil.local diff --git a/IaC/aws/terraform/ec2.tf b/IaC/aws/terraform/ec2.tf new file mode 100644 index 0000000..a11af3d --- /dev/null +++ b/IaC/aws/terraform/ec2.tf @@ -0,0 +1,23 @@ +data "aws_ssm_parameter" "ubuntu22" { + name = "/aws/service/canonical/ubuntu/server/22.04/stable/current/amd64/hvm/ebs-gp2/ami-id" +} + +resource "aws_instance" "ec2example" { + ami = data.aws_ssm_parameter.ubuntu22.value + instance_type = "t3.micro" + availability_zone = "eu-west-1a" + subnet_id = aws_subnet.subnet.id + vpc_security_group_ids = [aws_security_group.sec_group.id] + associate_public_ip_address = true + key_name = aws_key_pair.ec2_key_pair.key_name + + provisioner "local-exec" { + command = "ansible-playbook -i '${self.public_ip},' --private-key ${path.module}/ ansible/playbook.yml" + } + + provisioner "remote-exec" { + inline = [ + "echo 'Waiting for instance to be ready'" + ] + } +} diff --git a/IaC/aws/terraform/ec2_+_ebs.tf b/IaC/aws/terraform/ec2_+_ebs.tf deleted file mode 100644 index 2781e91..0000000 --- a/IaC/aws/terraform/ec2_+_ebs.tf +++ /dev/null @@ -1,22 +0,0 @@ -data "aws_ssm_parameter" "ubuntu22" { - name = "/aws/service/canonical/ubuntu/server/22.04/stable/current/amd64/hvm/ebs-gp2/ami-id" -} - -resource "aws_instance" "ec2example" { - ami = data.aws_ssm_parameter.ubuntu22.value - instance_type = "t3.micro" - availability_zone = "eu-west-1a" - subnet_id = aws_subnet.subnet.id - vpc_security_group_ids = [aws_security_group.sec_group.id] - - associate_public_ip_address = true - - user_data = <Deployed via Terraform" | sudo tee /var/www/html/index.html -EOF -} \ No newline at end of file 
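Review bot: The playbook writes its booleans as `yes` (`become`, `update_cache`, `enabled`) and uses short module names (`apt`, `systemd`, `copy`). Write the booleans as `true` and the modules as `ansible.builtin.apt`, `ansible.builtin.systemd` and `ansible.builtin.copy`, so that YAML typing and module resolution do not depend on parser or collection search order. `hosts: all` combined with `become` runs the play as root on whatever inventory it is given; a named group would limit it to the intended web hosts.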
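Review bot: `aws_instance.ec2example` is given a public IP and will serve web traffic, but the resource sets no `metadata_options`, so the instance metadata service may still answer IMDSv1 requests, depending on AMI and account defaults. Add `metadata_options { http_tokens = "required" }` to the resource. The `local-exec` provisioner also implies that inbound SSH from the CI runner is open in `aws_security_group.sec_group`, which is defined outside this diff; check that its port 22 ingress is not `0.0.0.0/0`.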
diff --git a/IaC/aws/terraform/key_pair.tf b/IaC/aws/terraform/key_pair.tf new file mode 100644 index 0000000..1d6139b --- /dev/null +++ b/IaC/aws/terraform/key_pair.tf @@ -0,0 +1,4 @@ +resource "aws_key_pair" "ec2_key_pair" { + key_name = "ec2-key-pair" + public_key = file("${path.module}/awsEC2s.pub") +} From 9dc0d7d55637bb671160a96909121d500f3513cb Mon Sep 17 00:00:00 2001 From: Nil Date: Sun, 14 Jul 2024 01:50:59 +0200 Subject: [PATCH 2/3] wip wip chore: Add VPC destruction step to AWS deployment workflow wip chore: Update VPC destruction step in AWS deployment workflow chore: Add SSH key setup step to AWS deployment workflow chore: Add destroy step to AWS deployment workflow chore: Add needs dependency for destroy job in AWS deployment workflow chore: Update Apache playbook in AWS EC2 Terraform configuration chore: Update sleep duration in EC2 Terraform configuration chore: Update sleep duration in EC2 Terraform configuration wip wip wip chore: Update EC2 Terraform configuration to use ANSIBLE_HOST_KEY_CHECKING=False wip wip wip chore: Update EC2 Terraform configuration to use ANSIBLE_HOST_KEY_CHECKING=False Update EC2 Terraform configuration to use t3.micro instance type and increase sleep duration --- .github/workflows/deploy_aws_vpc.yml | 10 ++++++++++ IaC/ansible/apache.yml | 1 + IaC/aws/terraform/ec2.tf | 17 ++++++++++++----- 3 files changed, 23 insertions(+), 5 deletions(-) diff --git a/.github/workflows/deploy_aws_vpc.yml b/.github/workflows/deploy_aws_vpc.yml index 08fadf3..8f52119 100644 --- a/.github/workflows/deploy_aws_vpc.yml +++ b/.github/workflows/deploy_aws_vpc.yml @@ -21,6 +21,11 @@ jobs: - uses: opentofu/setup-opentofu@v1.0.3 name: Setup OpenTofu + - name: Setup SSH Key using webfactory/ssh-agent + uses: webfactory/ssh-agent@v0.5.4 + with: + ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }} + - name: OpenTofu Setup and Validate run: | cd ./IaC/aws/terraform/ 
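Review bot: `webfactory/ssh-agent@v0.5.4` receives `secrets.SSH_PRIVATE_KEY` but is referenced by a mutable tag, so a re-tagged release would run with the deploy key, and with the job-level AWS credentials, in its environment. Pin it to a full commit SHA, e.g. `uses: webfactory/ssh-agent@<full-commit-sha> # v0.5.4`, and do the same for `opentofu/setup-opentofu`. The committed `awsEC2s.pub` carries a workstation comment, which suggests the key pair may be a personal one; a key generated only for this pipeline would limit what a leak exposes. The job's step list continues outside this hunk.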
@@ -33,3 +38,8 @@ jobs: run: | cd ./IaC/aws/terraform/ tofu apply -auto-approve -var="AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID}" -var="AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY}" + + - name: Destroy VPC + run: | + cd ./IaC/aws/terraform/ + tofu destroy -auto-approve -var="AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID}" -var="AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY}" diff --git a/IaC/ansible/apache.yml b/IaC/ansible/apache.yml index 1728955..0428125 100644 --- a/IaC/ansible/apache.yml +++ b/IaC/ansible/apache.yml @@ -1,3 +1,4 @@ +--- - name: Install and start Apache hosts: all become: yes diff --git a/IaC/aws/terraform/ec2.tf b/IaC/aws/terraform/ec2.tf index a11af3d..950ce1f 100644 --- a/IaC/aws/terraform/ec2.tf +++ b/IaC/aws/terraform/ec2.tf @@ -11,13 +11,20 @@ resource "aws_instance" "ec2example" { associate_public_ip_address = true key_name = aws_key_pair.ec2_key_pair.key_name - provisioner "local-exec" { - command = "ansible-playbook -i '${self.public_ip},' --private-key ${path.module}/ ansible/playbook.yml" - } - provisioner "remote-exec" { inline = [ - "echo 'Waiting for instance to be ready'" + "echo 'Waiting for instance to be fully ready...'", + "sleep 60" ] } + + provisioner "local-exec" { + command = "ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -i '${self.public_ip},' ${path.module}/../../ansible/apache.yml -u 'ubuntu'" + } + + connection { + type = "ssh" + user = "ubuntu" + host = self.public_ip + } } From e65187bd135a25f8a73ad855a305533fedc467b8 Mon Sep 17 00:00:00 2001 From: Nil Date: Sun, 14 Jul 2024 01:53:55 +0200 Subject: [PATCH 3/3] wip --- IaC/aws/terraform/ec2.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/IaC/aws/terraform/ec2.tf b/IaC/aws/terraform/ec2.tf index 950ce1f..1c38e08 100644 --- a/IaC/aws/terraform/ec2.tf +++ b/IaC/aws/terraform/ec2.tf @@ -14,7 +14,7 @@ resource "aws_instance" "ec2example" { provisioner "remote-exec" { inline = [ "echo 'Waiting for instance to be fully ready...'", - "sleep 60" + "sleep 20" ] }
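Review bot: The `Destroy VPC` step has no `if:` condition, so `tofu destroy -auto-approve` runs on every execution of the job: immediately after the apply on `main`, and on any other ref that triggers the workflow even though `Deploy VPC` is skipped there. If the state is shared (the backend is not visible in this diff), a run from a non-main ref would tear down the deployed infrastructure. Move the teardown into its own manually triggered job, or at least add `if: github.event_name == 'workflow_dispatch' && github.ref == 'refs/heads/main'` to the step.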
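Review bot: `ANSIBLE_HOST_KEY_CHECKING=False` in the `local-exec` command turns off SSH host-key verification for a playbook that runs with `become` over the public internet, so the runner cannot tell the new instance apart from anything else answering on that address. The file this series deletes installed Apache through `user_data`, which needs no inbound SSH at all; returning to that, or delivering the configuration through cloud-init, removes the need for the bypass. The `sleep 60` in `remote-exec` is a guess at readiness, whereas `cloud-init status --wait` blocks until first boot has actually finished. The `connection` block names no key, so it presumably depends on the agent loaded in the workflow; a comment saying so would help anyone running this outside CI.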