add a prod environment
Signed-off-by: Jakub Sokołowski <jakub@status.im>
This commit is contained in:
parent
13d1538c4c
commit
dc4151ba00
17
Makefile
17
Makefile
@ -77,14 +77,15 @@ secrets:
|
||||
echo "Saving secrets to: terraform.tfvars"
|
||||
@echo "\
|
||||
# secrets extracted from password-store\n\
|
||||
aws_access_key = \"$(shell pass cloud/AWS/access-key)\"\n\
|
||||
aws_secret_key = \"$(shell pass cloud/AWS/secret-key)\"\n\
|
||||
gandi_api_token = \"$(shell pass cloud/Gandi/api-token)\"\n\
|
||||
dap_ps_smtp_user = \"$(shell pass cloud/AWS/ses/smtp-user)\"\n\
|
||||
dap_ps_smtp_pass = \"$(shell pass cloud/AWS/ses/smtp-secret-key)\"\n\
|
||||
dap_ps_admin_user = \"$(shell pass service/dev/app/admin-user)\"\n\
|
||||
dap_ps_admin_pass = \"$(shell pass service/dev/app/admin-pass)\"\n\
|
||||
dap_ps_db_uri = \"$(shell pass service/dev/mongodb/uri)\"\n\
|
||||
aws_access_key = \"$(shell pass cloud/AWS/access-key)\"\n\
|
||||
aws_secret_key = \"$(shell pass cloud/AWS/secret-key)\"\n\
|
||||
gandi_api_token = \"$(shell pass cloud/Gandi/api-token)\"\n\
|
||||
dap_ps_smtp_user = \"$(shell pass cloud/AWS/ses/smtp-user)\"\n\
|
||||
dap_ps_smtp_pass = \"$(shell pass cloud/AWS/ses/smtp-secret-key)\"\n\
|
||||
dap_ps_admin_user = \"$(shell pass service/dev/app/admin-user)\"\n\
|
||||
dap_ps_admin_pass = \"$(shell pass service/dev/app/admin-pass)\"\n\
|
||||
dap_ps_dev_db_uri = \"$(shell pass service/dev/mongodb/uri)\"\n\
|
||||
dap_ps_prod_db_uri = \"$(shell pass service/prod/mongodb/uri)\"\n\
|
||||
" > terraform.tfvars
|
||||
|
||||
cleanup:
|
||||
|
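Review bot: Each `$(shell pass …)` value, including the newly added `service/prod/mongodb/uri`, is expanded by make with the command's exit status ignored, so a missing or locked password-store entry silently writes `dap_ps_prod_db_uri = ""` into terraform.tfvars and the plan proceeds with an empty production connection string. Expanding at recipe time instead, e.g. `@set -e; prod_db=$$(pass service/prod/mongodb/uri); …` ahead of the echo, makes the target fail on the first unreadable entry. The file holds every credential in plaintext; if it is not already git-ignored and written with a restrictive mode (`umask 077` at the start of the recipe), that belongs in the same target. The `secrets:` target begins before the hunk.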
2
db.tf
2
db.tf
@ -35,7 +35,7 @@ resource "aws_security_group" "mongodb" {
|
||||
|
||||
resource "aws_instance" "mongodb" {
|
||||
ami = data.aws_ami.ubuntu.id
|
||||
instance_type = var.instance_type
|
||||
instance_type = "t2.micro"
|
||||
key_name = aws_key_pair.admin.key_name
|
||||
availability_zone = var.zone
|
||||
|
||||
|
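Review bot: `instance_type` for the mongodb instance becomes the bare literal `"t2.micro"` here because the root `instance_type` variable is removed in variables.tf by this commit, and the same literal is repeated in the new `module "dev"` and `module "prod"` blocks. If this single instance is meant to back both the dev and the prod database URIs introduced in variables.tf, a dedicated root variable such as `variable "db_instance_type" { default = "t2.micro" type = string }` with `instance_type = var.db_instance_type` keeps the database tier sizable independently of the app tier. The `aws_instance` block continues outside the hunk.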
28
dev.tf
28
dev.tf
@ -7,8 +7,8 @@ locals {
|
||||
ADMIN_USER = var.dap_ps_admin_user
|
||||
ADMIN_PASSWORD = var.dap_ps_admin_pass
|
||||
/* Database */
|
||||
DB_CONNECTION = var.dap_ps_db_uri
|
||||
/* BlockChain */
|
||||
DB_CONNECTION = var.dap_ps_dev_db_uri
|
||||
/* Blockchain */
|
||||
BLOCKCHAIN_CONNECTION_POINT = "wss://ropsten.infura.io/ws/v3/8675214b97b44e96b70d05326c61fd6a"
|
||||
DISCOVER_CONTRACT = "0x17e7a7330d23fc6a2ab8578a627408f815396662"
|
||||
MAX_REQUESTS_FOR_RATE_LIMIT_TIME = 1
|
||||
@ -24,27 +24,23 @@ locals {
|
||||
EMAIL_TLS = "true"
|
||||
APPROVER_MAIL = "dapps-approvals@status.im"
|
||||
APPROVE_NOTIFIER_MAIL = "dapps-approvals@status.im"
|
||||
/* CloudWatch TODO */
|
||||
CLOUDWATCH_ACCESS_KEY_ID = "This is for production, if you have logging set up (AWS Cloudwatch)"
|
||||
CLOUDWATCH_REGION = "This is for production, if you have logging set up (AWS Cloudwatch)"
|
||||
CLOUDWATCH_SECRET_ACCESS_KEY = "This is for production, if you have logging set up (AWS Cloudwatch)"
|
||||
}
|
||||
}
|
||||
|
||||
module "dev" {
|
||||
source = "./modules/aws-eb-env"
|
||||
name = "dev-dap-ps"
|
||||
gandi_zone_id = gandi_zone.dap_ps_zone.id
|
||||
dns_domain = "dap.ps"
|
||||
stage = "dev"
|
||||
stack_name = var.stack_name
|
||||
source = "./modules/aws-eb-env"
|
||||
name = "dev-dap-ps"
|
||||
stage = "dev"
|
||||
env_vars = local.dev_env
|
||||
dns_domain = var.public_domain
|
||||
stack_name = var.stack_name
|
||||
|
||||
/* Plumbing */
|
||||
keypair_name = aws_key_pair.admin.key_name
|
||||
gandi_zone_id = gandi_zone.dap_ps_zone.id
|
||||
|
||||
/* Scaling */
|
||||
instance_type = "t2.micro"
|
||||
autoscale_min = 1
|
||||
autoscale_max = 2
|
||||
|
||||
/* Environment */
|
||||
env_vars = local.dev_env
|
||||
}
|
||||
|
||||
|
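Review bot: The rewritten `module "dev"` block passes `dns_domain = var.public_domain`, but no `variable "public_domain"` is declared in the variables.tf hunks of this commit; if it is not defined elsewhere in the root module, `terraform validate` will reject the reference, and the replaced literal `"dap.ps"` would be the natural default for it. The `BLOCKCHAIN_CONNECTION_POINT` context line still embeds an Infura project identifier directly in the committed file; since this commit already routes credentials through `pass` in the Makefile, giving that URL the same treatment (a `dap_ps_infura_url`-style variable filled from the password store) would keep it out of git history. The `locals` block in the first hunk begins outside it.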
@ -66,7 +66,7 @@ module "eb_environment" {
|
||||
env_vars = var.env_vars
|
||||
|
||||
/* Scaling */
|
||||
instance_type = "t2.micro"
|
||||
instance_type = var.instance_type
|
||||
autoscale_min = var.autoscale_min /* min instances */
|
||||
autoscale_max = var.autoscale_max /* max instances */
|
||||
autoscale_measure_name = "CPUUtilization"
|
||||
|
@ -41,6 +41,12 @@ variable "env_vars" {
|
||||
|
||||
/* Scaling --------------------------------------*/
|
||||
|
||||
variable "instance_type" {
|
||||
description = "Name of instance type to use"
|
||||
default = "t2.micro"
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "autoscale_min" {
|
||||
description = "Minimum instances autoscaling will create."
|
||||
default = "1"
|
||||
|
@ -1,61 +0,0 @@
|
||||
/* ACCESS ---------------------------------------*/
|
||||
|
||||
resource "aws_iam_group" "deploy" {
|
||||
name = "${var.name}-deploy"
|
||||
}
|
||||
|
||||
resource "aws_iam_user" "deploy" {
|
||||
name = "${var.name}-deploy"
|
||||
|
||||
tags = {
|
||||
Description = "User for deploying the ${var.dns_entry}.${var.dns_domain} Elastic Beanstalk app"
|
||||
}
|
||||
}
|
||||
|
||||
resource "aws_iam_access_key" "deploy" {
|
||||
user = "${aws_iam_user.deploy.name}"
|
||||
pgp_key = "${file("files/support@dap.ps.gpg")}"
|
||||
}
|
||||
|
||||
resource "aws_iam_user_group_membership" "deploy" {
|
||||
user = "${aws_iam_user.deploy.name}"
|
||||
groups = ["${aws_iam_group.deploy.name}"]
|
||||
}
|
||||
|
||||
resource "aws_iam_group_policy_attachment" "deploy" {
|
||||
group = "${aws_iam_group.deploy.name}"
|
||||
policy_arn = "arn:aws:iam::aws:policy/AWSElasticBeanstalkFullAccess"
|
||||
}
|
||||
|
||||
/* ROLES ----------------------------------------*/
|
||||
|
||||
resource "aws_iam_instance_profile" "main" {
|
||||
name = "${var.name}"
|
||||
role = "${aws_iam_role.main.name}"
|
||||
}
|
||||
|
||||
resource "aws_iam_role" "main" {
|
||||
name = "${var.name}"
|
||||
|
||||
assume_role_policy = <<EOF
|
||||
{
|
||||
"Version": "2012-10-17",
|
||||
"Statement": [
|
||||
{
|
||||
"Action": "sts:AssumeRole",
|
||||
"Principal": {
|
||||
"Service": "ec2.amazonaws.com"
|
||||
},
|
||||
"Effect": "Allow",
|
||||
"Sid": ""
|
||||
}
|
||||
]
|
||||
}
|
||||
EOF
|
||||
}
|
||||
|
||||
resource "aws_iam_policy_attachment" "AWSElasticBeanstalkWebTier" {
|
||||
name = "${var.name}-AWSElasticBeanstalkWebTier"
|
||||
roles = ["${aws_iam_role.main.name}"]
|
||||
policy_arn = "arn:aws:iam::aws:policy/AWSElasticBeanstalkWebTier"
|
||||
}
|
@ -1,52 +0,0 @@
|
||||
/* SSL Certificate ------------------------------*/
|
||||
|
||||
resource "aws_acm_certificate" "prod" {
|
||||
domain_name = "${var.dns_domain}"
|
||||
validation_method = "DNS"
|
||||
}
|
||||
|
||||
resource "gandi_zonerecord" "prod_cert_verification" {
|
||||
zone = "${var.gandi_zone_id}"
|
||||
name = "${replace(aws_acm_certificate.prod.domain_validation_options.0.resource_record_name, ".${var.dns_domain}.", "")}"
|
||||
type = "${aws_acm_certificate.prod.domain_validation_options.0.resource_record_type}"
|
||||
ttl = 300
|
||||
values = ["${aws_acm_certificate.prod.domain_validation_options.0.resource_record_value}"]
|
||||
}
|
||||
|
||||
resource "aws_acm_certificate_validation" "prod" {
|
||||
certificate_arn = "${aws_acm_certificate.prod.arn}"
|
||||
validation_record_fqdns = ["${gandi_zonerecord.prod_cert_verification.name}.${var.dns_domain}"]
|
||||
}
|
||||
|
||||
/* RESOURCES ------------------------------------*/
|
||||
|
||||
|
||||
//resource "aws_elastic_beanstalk_application" "dev_dap_ps" {
|
||||
// name = "dev-dap-ps-app"
|
||||
// description = "dev.dap.ps application"
|
||||
//}
|
||||
//
|
||||
//resource "aws_elastic_beanstalk_environment" "dev_dap_ps" {
|
||||
// name = "dev-dap-ps-app"
|
||||
// application = "${aws_elastic_beanstalk_application.dev_dap_ps.name}"
|
||||
// solution_stack_name = "64bit Amazon Linux 2018.03 v4.8.3 running Node.js"
|
||||
//
|
||||
// setting {
|
||||
// namespace = "aws:autoscaling:launchconfiguration"
|
||||
// name = "IamInstanceProfile"
|
||||
// value = "${aws_iam_instance_profile.main.name}"
|
||||
// }
|
||||
//}
|
||||
|
||||
|
||||
/* DNS ------------------------------------------*/
|
||||
|
||||
|
||||
//resource "gandi_zonerecord" "dev_dap_ps_site" {
|
||||
// zone = "${var.gandi_zone_id}"
|
||||
// name = "${var.dns_entry}"
|
||||
// type = "CNAME"
|
||||
// ttl = 3600
|
||||
// values = ["${aws_elastic_beanstalk_environment.dev_dap_ps.cname}."]
|
||||
//}
|
||||
|
@ -1,16 +0,0 @@
|
||||
/**
|
||||
* Uncomment this if you want to extract the secret again.
|
||||
* For details see: https://www.terraform.io/docs/providers/aws/r/iam_access_key.html
|
||||
**/
|
||||
//output "deploy_access_key" {
|
||||
// value = "${aws_iam_access_key.deploy.id}"
|
||||
//}
|
||||
//
|
||||
//output "deploy_secret_key" {
|
||||
// value = "${aws_iam_access_key.deploy.encrypted_secret}"
|
||||
//}
|
||||
/**
|
||||
* This can be decrypted with:
|
||||
* echo $encrypted_secret | base64 --decode | keybase pgp
|
||||
**/
|
||||
|
@ -1,15 +0,0 @@
|
||||
variable "name" {
|
||||
description = "Name of this environment to be used in all resources."
|
||||
}
|
||||
|
||||
variable "gandi_zone_id" {
|
||||
description = "ID of the zone in Gandi DNS registrar."
|
||||
}
|
||||
|
||||
variable "dns_domain" {
|
||||
description = "Name of domain for this environment."
|
||||
}
|
||||
|
||||
variable "dns_entry" {
|
||||
description = "Name of DNS entry for this environment."
|
||||
}
|
54
prod.tf
54
prod.tf
@ -1,8 +1,50 @@
|
||||
module "prod" {
|
||||
source = "./modules/prod"
|
||||
name = "prod-dap-ps"
|
||||
gandi_zone_id = gandi_zone.dap_ps_zone.id
|
||||
dns_domain = "dap.ps"
|
||||
dns_entry = "prod" /* just means use `dap.ps` */
|
||||
locals {
|
||||
prod_env = {
|
||||
/* WARNING EB forces PORT 8081 */
|
||||
ENVIRONMENT = "PROD"
|
||||
RATE_LIMIT_TIME = 15
|
||||
/* Access */
|
||||
ADMIN_USER = var.dap_ps_admin_user
|
||||
ADMIN_PASSWORD = var.dap_ps_admin_pass
|
||||
/* Database */
|
||||
DB_CONNECTION = var.dap_ps_prod_db_uri
|
||||
/* Blockchain */
|
||||
BLOCKCHAIN_CONNECTION_POINT = "TODO"
|
||||
DISCOVER_CONTRACT = "TODO"
|
||||
MAX_REQUESTS_FOR_RATE_LIMIT_TIME = 1
|
||||
/* IPFS */
|
||||
IPFS_HOST = "ipfs.infura.io"
|
||||
IPFS_PORT = 5001
|
||||
IPFS_PROTOCOL = "https"
|
||||
/* Email */
|
||||
EMAIL_USER = var.dap_ps_smtp_user
|
||||
EMAIL_PASSWORD = var.dap_ps_smtp_pass
|
||||
EMAIL_HOST = "email-smtp.us-east-1.amazonaws.com"
|
||||
EMAIL_PORT = 465
|
||||
EMAIL_TLS = "true"
|
||||
APPROVER_MAIL = "dapps-approvals@status.im"
|
||||
APPROVE_NOTIFIER_MAIL = "dapps-approvals@status.im"
|
||||
/* CloudWatch TODO Once we have logging set up (AWS Cloudwatch) */
|
||||
CLOUDWATCH_ACCESS_KEY_ID = "TODO"
|
||||
CLOUDWATCH_REGION = "TODO"
|
||||
CLOUDWATCH_SECRET_ACCESS_KEY = "TODO"
|
||||
}
|
||||
}
|
||||
|
||||
module "prod" {
|
||||
source = "./modules/aws-eb-env"
|
||||
name = "prod-dap-ps"
|
||||
stage = "prod"
|
||||
env_vars = local.prod_env
|
||||
dns_domain = var.public_domain
|
||||
stack_name = var.stack_name
|
||||
|
||||
/* Plumbing */
|
||||
keypair_name = aws_key_pair.admin.key_name
|
||||
gandi_zone_id = gandi_zone.dap_ps_zone.id
|
||||
|
||||
/* Scaling */
|
||||
instance_type = "t2.micro"
|
||||
autoscale_min = 1
|
||||
autoscale_max = 6
|
||||
}
|
||||
|
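Review bot: `ADMIN_USER`/`ADMIN_PASSWORD` in the new `prod_env` are fed from `var.dap_ps_admin_user`/`var.dap_ps_admin_pass`, which the Makefile hunk fills from `service/dev/app/admin-user` and `service/dev/app/admin-pass`, so the production admin login is the development one. The commit already splits the database URI into dev/prod variables; the admin credentials (and arguably the SMTP pair) deserve the same split, e.g. `ADMIN_PASSWORD = var.dap_ps_prod_admin_pass` backed by a separate prod password-store entry. The `"TODO"` strings for `BLOCKCHAIN_CONNECTION_POINT`, `DISCOVER_CONTRACT` and the three `CLOUDWATCH_*` keys are handed to the live environment as real values; leaving those keys out of `prod_env` until values exist would make the incomplete configuration fail visibly rather than at runtime inside the application.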
14
variables.tf
14
variables.tf
@ -46,11 +46,6 @@ variable "image_name" {
|
||||
default = "ubuntu/images/hvm-ssd/ubuntu-bionic-18.04-amd64-server-20190212.1"
|
||||
}
|
||||
|
||||
variable "instance_type" {
|
||||
description = "Name of instance type to use"
|
||||
default = "t2.micro"
|
||||
}
|
||||
|
||||
variable "ssh_user" {
|
||||
description = "Default user to use when accesing host via SSH."
|
||||
default = "ubuntu"
|
||||
@ -85,8 +80,13 @@ variable "dap_ps_smtp_pass" {
|
||||
description = "Password for accessing AWS SES SMTP endpoint."
|
||||
}
|
||||
|
||||
variable "dap_ps_db_uri" {
|
||||
description = "An URI for MongoDB database including auth information."
|
||||
variable "dap_ps_dev_db_uri" {
|
||||
description = "An URI for DEV MongoDB database including auth information."
|
||||
/* https://docs.mongodb.com/manual/reference/connection-string/ */
|
||||
}
|
||||
|
||||
variable "dap_ps_prod_db_uri" {
|
||||
description = "An URI for PROD MongoDB database including auth information."
|
||||
/* https://docs.mongodb.com/manual/reference/connection-string/ */
|
||||
}
|
||||
|
||||
|
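Review bot: `dap_ps_dev_db_uri` and `dap_ps_prod_db_uri` are described as including auth information but are not marked `sensitive = true` (nor is the `dap_ps_smtp_pass` block above them), so their values are printed verbatim in plan/apply output and any CI log that captures it; if the pinned Terraform version is 0.14 or newer, add `sensitive = true` to both new variable blocks. They also omit `type = string`, unlike the `instance_type` variable this commit adds to the module. The `dap_ps_smtp_pass` block in the second hunk begins outside it.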