MirrorMirror
/
lufi
mirror of https://framagit.org/fiat-tux/hat-softwares/lufi.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'ansible-provisioning' into 'development' 

Adhere to ansible styling guide

See merge request fiat-tux/hat-softwares/lufi!99
This commit is contained in:
Luc Didry 2022-05-13 13:06:28 +00:00
parent a2e68a2d62 3b074a32e5
commit 1dee0e691e
11 changed files with 205 additions and 55 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.provision/README.md
View File

@ -4,4 +4,4 @@ An ansible role deploy the application on host machine(Ubuntu 20.04)
## terraform-aws-lufi ## terraform-aws-lufi
A terraform plan creates necessary AWS infrastructure and deploy the lufi. This terraform plan uses the above ansible roles `ansible-role-lufi` to configure the application on AWS. A terraform plan creates necessary AWS infrastructure and deploy the lufi. This terraform plan uses the `lufi_startup.sh` script to deploy application on AWS and also uses above ansible roles `ansible-role-lufi` to configure the application on AWS.

8
.provision/ansible-role-lufi/README.md
View File

@ -9,10 +9,10 @@ Role Variables
| `app_dir` | /var/www/lufi | Set the application directory for the best practice | | `app_dir` | /var/www/lufi | Set the application directory for the best practice |
| `lufi_owner` | www-data | Set the application user for the best practice | | `lufi_owner` | www-data | Set the application user for the best practice |
| `lufi_group` | www-data | Set the application group for the best practice | | `lufi_group` | www-data | Set the application group for the best practice |
| `contact` | contact.example.com | Contact option (mandatory), where you have to put some way for the users to contact you. | | `_contact` | contact.example.com | Contact option (mandatory), where you have to put some way for the users to contact you. |
| `report` | report@example.com | report option (mandatory) Put an email address or an URL to let people report illegal files | | `_report` | report@example.com | report option (mandatory) Put an email address or an URL to let people report illegal files |
| `project_version` | master | We can chose the project version either Master branch, Dev branch or tag based | | `_project_version` | master | We can chose the project version either Master branch, Dev branch or tag based |
| `servername` | IP address (or) CNAME/FQDN | Mention the Server Name for the Nginx configurations | | `_server_name` | IP address (or) CNAME/FQDN | Mention the Server Name for the Nginx configurations |
Sample example of use in a playbook Sample example of use in a playbook
-------------- --------------

4
.provision/ansible-role-lufi/tasks/apprun.yml
View File

@ -6,7 +6,7 @@
chdir: "{{ app_dir }}" chdir: "{{ app_dir }}"
- name: Upload application file - name: Upload application file
template: ansible.builtin.template:
src: ../templates/lufi.conf.j2 src: ../templates/lufi.conf.j2
dest: "{{ app_dir }}/lufi.conf" dest: "{{ app_dir }}/lufi.conf"
@ -16,7 +16,7 @@
chdir: "{{ app_dir }}" chdir: "{{ app_dir }}"
- name: Nginx configuration file add - name: Nginx configuration file add
template: ansible.builtin.template:
src: ../templates/app.conf src: ../templates/app.conf
dest: /etc/nginx/conf.d/ dest: /etc/nginx/conf.d/
mode: '0644' mode: '0644'

6
.provision/ansible-role-lufi/tasks/dependencies.yml
View File

@ -1,5 +1,7 @@
#dependencies.yml
---
- name: Install Dependencies - name: Install Dependencies
apt: ansible.builtin.apt:
name: name:
- nginx - nginx
- build-essential - build-essential
@ -12,6 +14,6 @@
state: present state: present
- name: Install Postgress Dev Packages - name: Install Postgress Dev Packages
apt: ansible.builtin.apt:
name: name:
- libpq-dev - libpq-dev

4
.provision/ansible-role-lufi/templates/lufi.conf.j2
View File

@ -21,12 +21,12 @@
# Put a way to contact you here and uncomment it # Put a way to contact you here and uncomment it
# You can put some HTML in it # You can put some HTML in it
# MANDATORY # MANDATORY
contact => '<a href="https://{{ contact }}">Contact page</a>', contact => '<a href="https://{{ _contact }}">Contact page</a>',
# Put an URL or an email address to receive file reports and uncomment it # Put an URL or an email address to receive file reports and uncomment it
# It's for make reporting illegal files easy for users # It's for make reporting illegal files easy for users
# MANDATORY # MANDATORY
report => '{{ report }}', report => '{{ _report }}',
# Array of random strings used to encrypt cookies # Array of random strings used to encrypt cookies
# optional, default is ['fdjsofjoihrei'], PLEASE, CHANGE IT # optional, default is ['fdjsofjoihrei'], PLEASE, CHANGE IT

12
.provision/ansible-role-lufi/vars/main.yml
View File

@ -5,12 +5,12 @@ lufi_owner: "www-data"
lufi_group: "www-data" lufi_group: "www-data"
contact: "contact.example.com"
report: "report@example.com"
app_dir: "" app_dir: ""
project_version: "" _contact: "contact.example.com"
servername: "" _report: "report@example.com"
_project_version: ""
_servername: ""

68
.provision/terraform-aws-lufi/README.md
View File

@ -16,3 +16,71 @@
| `aws_access_key` | AWSACCESSKEY | Enter your aws access key | | `aws_access_key` | AWSACCESSKEY | Enter your aws access key |
| `aws_secrete_key` | AWSSECRETEKEY | Enter your aws secrete key | | `aws_secrete_key` | AWSSECRETEKEY | Enter your aws secrete key |
| `instance_name` | Lufi_app_instance | Set the name for instance | | `instance_name` | Lufi_app_instance | Set the name for instance |
| `app_dir` | /var/www/ | Set the application directory for the best practice |
| `lufi_owner` | www-data | Set the application user for the best practice |
| `lufi_group` | www-data | Set the application group for the best practice |
| `contact` | contact.example.com | Contact option (mandatory), where you have to put some way for the users to contact you. |
| `report` | report@example.com | report option (mandatory) Put an email address or an URL to let people report illegal files |
## Usage of terraform plan with lufi deploy script
```sh
git clone https://framagit.org/fiat-tux/hat-softwares/lufi.git
cd lufi/.provision/terraform-aws-lufi
terraform init
terraform plan
terraform apply
```
## Usage of terraform plan with ansible role
- Comment out the below `data template` and `user_data` source in __main.tf__ file
```hcl
locals {
user_data_vars = {
user = var.lufi_owner
group = var.lufi_group
directory = var.app_dir
git_branch = var.project_version
contact_lufi = var.contact
report_lufi = var.report
}
}
```
```hcl
user_data = templatefile("${path.module}/lufi_startup.sh", local.user_data_vars)
```
- Add the below provisioner data in __main.tf__ file at the `aws_instance` resource
```sh
connection {
agent = false
type = "ssh"
host = aws_instance.ec2_instance.public_dns
private_key = "${file(var.private_key)}"
user = "${var.user}"
}
provisioner "remote-exec" {
inline = [
"sudo apt update -y",
"sudo apt install python3.9 -y",
]
}
provisioner "local-exec" {
command = <<EOT
sleep 120 && \
> hosts && \
echo "[Lufi]" | tee -a hosts && \
echo "${aws_instance.ec2_instance.public_ip} ansible_user=${var.user} ansible_ssh_private_key_file=${var.private_key}" | tee -a hosts && \
export ANSIBLE_HOST_KEY_CHECKING=False && \
ansible-playbook -u ${var.user} --private-key ${var.private_key} -i hosts site.yml
EOT
}
```

59
.provision/terraform-aws-lufi/lufi_startup.sh Normal file
View File

@ -0,0 +1,59 @@
#!/usr/bin/env bash
set -euo pipefail
echo "**********************************************************************"
echo " *"
echo "Install dependencies *"
echo " *"
echo "**********************************************************************"
SUDO=sudo
$SUDO apt update
$SUDO apt install jq wget unzip carton build-essential nginx libssl-dev libio-socket-ssl-perl liblwp-protocol-https-perl zlib1g-dev libmojo-sqlite-perl libpq-dev -y
echo "**********************************************************************"
echo " *"
echo "Configuring the Application *"
echo " *"
echo "**********************************************************************"
sleep 10;
version=$(curl -s https://framagit.org/api/v4/projects/1998/releases | jq '.[]' | jq -r '.name' | head -1)
echo $version
pushd ${directory}
$SUDO wget https://framagit.org/fiat-tux/hat-softwares/lufi/-/archive/$version/lufi-$version.zip
$SUDO unzip lufi-$version.zip
$SUDO chown ${user} lufi-$version
$SUDO chgrp ${group} lufi-$version
pushd lufi-$version
echo "**********************************************************************"
echo " *"
echo "Install Carton Packages *"
echo " *"
echo "**********************************************************************"
$SUDO carton install --deployment --without=test --without=sqlite --without=mysql
sleep 10;
$SUDO cp lufi.conf.template lufi.conf
sed -i 's/127.0.0.1/0.0.0.0/' lufi.conf
sed -i 's/#contact/contact/g' lufi.conf
sed -i "s/contact.example.com/${contact_lufi}/g" lufi.conf
sed -i 's/#report/report/' -i lufi.conf
sed -i "s/report@example.com/${report_lufi}/g" lufi.conf
sed -i "192 , 194 s/#/ /g" lufi.conf && \
sed -i "195 s/# / /g" lufi.conf && \
sed -i "196 , 198 s/#/ /g" lufi.conf && \
sed -i "199 , 201 s/# / /g" lufi.conf && \
sed -i "202 s/#/ /g" lufi.conf
echo "**********************************************************************"
echo " *"
echo "Run the Application *"
echo " *"
echo "**********************************************************************"
$SUDO carton exec hypnotoad script/lufi

69
.provision/terraform-aws-lufi/main.tf
View File

@ -1,5 +1,15 @@
locals {
user_data_vars = {
user = var.lufi_owner
group = var.lufi_group
directory = var.app_dir
contact_lufi = var.contact
report_lufi = var.report
}
}
#Create the VPC #Create the VPC
resource "aws_vpc" "MAIN" { resource "aws_vpc" "vpc" {
cidr_block = "${var.vpc_cidr}" cidr_block = "${var.vpc_cidr}"
enable_dns_hostnames = true enable_dns_hostnames = true
enable_dns_support = true enable_dns_support = true
@ -12,7 +22,7 @@ resource "aws_vpc" "MAIN" {
# Create InternetGateWay and attach to VPC # Create InternetGateWay and attach to VPC
resource "aws_internet_gateway" "IGW" { resource "aws_internet_gateway" "IGW" {
vpc_id = "${aws_vpc.MAIN.id}" vpc_id = "${aws_vpc.vpc.id}"
tags = { tags = {
"Name" = "lufi-master-igw" "Name" = "lufi-master-igw"
} }
@ -21,7 +31,7 @@ resource "aws_internet_gateway" "IGW" {
# Create a public subnet # Create a public subnet
resource "aws_subnet" "publicsubnet" { resource "aws_subnet" "publicsubnet" {
vpc_id = "${aws_vpc.MAIN.id}" vpc_id = "${aws_vpc.vpc.id}"
cidr_block = "${var.public_subnet_cidr}" cidr_block = "${var.public_subnet_cidr}"
map_public_ip_on_launch = true map_public_ip_on_launch = true
tags = { tags = {
@ -30,8 +40,8 @@ resource "aws_subnet" "publicsubnet" {
} }
# Create routeTable # Create routeTable
resource "aws_route_table" "publicroute" { resource "aws_route_table" "public" {
vpc_id = "${aws_vpc.MAIN.id}" vpc_id = "${aws_vpc.vpc.id}"
route { route {
cidr_block = "0.0.0.0/0" cidr_block = "0.0.0.0/0"
gateway_id = "${aws_internet_gateway.IGW.id}" gateway_id = "${aws_internet_gateway.IGW.id}"
@ -43,14 +53,14 @@ resource "aws_route_table" "publicroute" {
} }
resource "aws_main_route_table_association" "mainRTB" { resource "aws_main_route_table_association" "mainRTB" {
vpc_id = "${aws_vpc.MAIN.id}" vpc_id = "${aws_vpc.vpc.id}"
route_table_id = "${aws_route_table.publicroute.id}" route_table_id = "${aws_route_table.public.id}"
} }
## Create security group ## Create security group
resource "aws_security_group" "security" { resource "aws_security_group" "security" {
name = "lufi-master-sg" name = "lufi-master-sg"
description = "allow all traffic" description = "allow all traffic"
vpc_id = "${aws_vpc.MAIN.id}" vpc_id = "${aws_vpc.vpc.id}"
ingress { ingress {
description = "allow all traffic" description = "allow all traffic"
@ -82,45 +92,28 @@ resource "aws_key_pair" "genkey" {
public_key = "${file(var.public_key)}" public_key = "${file(var.public_key)}"
} }
# Add ubuntu AMI
data "aws_ami" "ubuntu" {
most_recent = true
owners = ["099720109477"]
filter {
name = "name"
values = ["ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-*"]
}
}
# Craete ec2 instance # Craete ec2 instance
resource "aws_instance" "ec2_instance" { resource "aws_instance" "ec2_instance" {
ami = "ami-04505e74c0741db8d" ami = "${data.aws_ami.ubuntu.id}"
instance_type = "t2.medium" instance_type = "t2.medium"
associate_public_ip_address = "true" associate_public_ip_address = "true"
subnet_id = "${aws_subnet.publicsubnet.id}" subnet_id = "${aws_subnet.publicsubnet.id}"
vpc_security_group_ids = ["${aws_security_group.security.id}"] vpc_security_group_ids = ["${aws_security_group.security.id}"]
user_data = templatefile("${path.module}/lufi_startup.sh", local.user_data_vars)
key_name = "lufi.webapp" key_name = "lufi.webapp"
connection {
agent = false
type = "ssh"
host = aws_instance.ec2_instance.public_dns
private_key = "${file(var.private_key)}"
user = "${var.user}"
}
provisioner "remote-exec" {
inline = [
"sudo apt update -y",
"sudo apt install python3.9 -y",
]
}
provisioner "local-exec" {
command = <<EOT
sleep 120 && \
> hosts && \
echo "[Lufi]" | tee -a hosts && \
echo "${aws_instance.ec2_instance.public_ip} ansible_user=${var.user} ansible_ssh_private_key_file=${var.private_key}" | tee -a hosts && \
export ANSIBLE_HOST_KEY_CHECKING=False && \
ansible-playbook -u ${var.user} --private-key ${var.private_key} -i hosts site.yml
EOT
}
tags = { tags = {
Name = "${var.instance_name}" Name = "${var.instance_name}"
} }
} }

9
.provision/terraform-aws-lufi/provider.tf
View File

@ -1,3 +1,12 @@
terraform {
required_providers {
aws = {
source = "hashicorp/aws"
version = "~> 3.0"
}
}
}
provider "aws" { provider "aws" {
access_key = "${var.aws_access_key}" access_key = "${var.aws_access_key}"
secret_key = "${var.aws_secret_key}" secret_key = "${var.aws_secret_key}"

19
.provision/terraform-aws-lufi/vars.tf
View File

@ -33,4 +33,23 @@ variable "instance_name" {
default = "instance_name" default = "instance_name"
} }
variable "lufi_owner" {
default = ""
}
variable "lufi_group" {
default = ""
}
variable "app_dir" {
default = ""
}
variable "contact" {
default = ""
}
variable "report" {
default = ""
}