x/terraform-digitalocean-spoke
1
0
Fork 0
Code Issues Pull Requests Releases Activity

Many updates! terraform 0.14 formatting, nginx compat, error handling

Browse Source
This commit is contained in:
Dan Buch 2021-04-06 10:54:30 -04:00
parent 883213a3be
commit c1a57ba5d1
Signed by: meatballhat
GPG Key ID: 9685130D8B763EA7
4 changed files with 66 additions and 43 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

86
main.tf
View File

@ -65,92 +65,97 @@ terraform {
} }
} }
variable server_name { variable "server_name" {
description = "Server name used in nginx config" description = "Server name used in nginx config"
type = string type = string
} }
variable base_url { variable "base_url" {
description = "Fully qualified https URL of the app" description = "Fully qualified https URL of the app"
type = string type = string
} }
variable resource_prefix { variable "resource_prefix" {
description = "Prefix prepended to resource names" description = "Prefix prepended to resource names"
default = "spoke-" default = "spoke-"
type = string type = string
} }
variable node_options { variable "nginx_site_override_conf" {
description = "Complete nginx site configuration override"
default = ""
}
variable "node_options" {
description = "Value defined at build time and run time as NODE_OPTIONS" description = "Value defined at build time and run time as NODE_OPTIONS"
default = "--max_old_space_size=8192" default = "--max_old_space_size=8192"
type = string type = string
} }
variable node_env { variable "node_env" {
description = "Value defined at build time and run time as NODE_ENV" description = "Value defined at build time and run time as NODE_ENV"
default = "production" default = "production"
type = string type = string
} }
variable port { variable "port" {
description = "TCP port used to communicate between droplet and nginx" description = "TCP port used to communicate between droplet and nginx"
default = "3000" default = "3000"
type = string type = string
} }
variable droplet_image { variable "droplet_image" {
description = "Image to use when provisioning app droplet" description = "Image to use when provisioning app droplet"
default = "ubuntu-20-04-x64" default = "ubuntu-20-04-x64"
type = string type = string
} }
variable droplet_size { variable "droplet_size" {
description = "Size value passed when provisioning app droplet" description = "Size value passed when provisioning app droplet"
default = "s-1vcpu-1gb" default = "s-1vcpu-1gb"
type = string type = string
} }
variable region { variable "region" {
description = "Region in which all resources will be provisioned" description = "Region in which all resources will be provisioned"
default = "nyc1" default = "nyc1"
type = string type = string
} }
variable spoke_version { variable "spoke_version" {
description = "Git ref of MoveOnOrg/Spoke to deploy" description = "Git ref of MoveOnOrg/Spoke to deploy"
default = "v8.0" default = "v8.0"
type = string type = string
} }
variable ssh_keys { variable "ssh_keys" {
type = list(string) type = list(string)
description = "List of ssh public keys to pass to droplet provisioning" description = "List of ssh public keys to pass to droplet provisioning"
} }
variable cert_private_key { variable "cert_private_key" {
description = "Certificate key to pass to nginx" description = "Certificate key to pass to nginx"
type = string type = string
} }
variable cert_certificate { variable "cert_certificate" {
description = "Certificate with leaf and intermediates to pass to nginx" description = "Certificate with leaf and intermediates to pass to nginx"
type = string type = string
} }
variable env { variable "env" {
description = "Arbitrary *additional* environment variables passed at build time and run time" description = "Arbitrary *additional* environment variables passed at build time and run time"
default = {} default = {}
type = map(string) type = map(string)
} }
resource digitalocean_ssh_key app { resource "digitalocean_ssh_key" "app" {
count = length(var.ssh_keys) count = length(var.ssh_keys)
name = "${var.resource_prefix}app-${count.index}" name = "${var.resource_prefix}app-${count.index}"
public_key = element(var.ssh_keys, count.index) public_key = element(var.ssh_keys, count.index)
} }
resource digitalocean_droplet app { resource "digitalocean_droplet" "app" {
image = var.droplet_image image = var.droplet_image
name = "${var.resource_prefix}app" name = "${var.resource_prefix}app"
region = var.region region = var.region
@ -159,17 +164,17 @@ resource digitalocean_droplet app {
ssh_keys = digitalocean_ssh_key.app[*].id ssh_keys = digitalocean_ssh_key.app[*].id
} }
resource digitalocean_floating_ip app { resource "digitalocean_floating_ip" "app" {
droplet_id = digitalocean_droplet.app.id droplet_id = digitalocean_droplet.app.id
region = digitalocean_droplet.app.region region = digitalocean_droplet.app.region
} }
resource digitalocean_firewall app { resource "digitalocean_firewall" "app" {
name = "pghdsa-spoke-app" name = "pghdsa-spoke-app"
droplet_ids = [digitalocean_droplet.app.id] droplet_ids = [digitalocean_droplet.app.id]
dynamic inbound_rule { dynamic "inbound_rule" {
for_each = ["22", "80", "443"] for_each = ["22", "80", "443"]
content { content {
protocol = "tcp" protocol = "tcp"
@ -183,7 +188,7 @@ resource digitalocean_firewall app {
source_addresses = ["0.0.0.0/0", "::/0"] source_addresses = ["0.0.0.0/0", "::/0"]
} }
dynamic outbound_rule { dynamic "outbound_rule" {
for_each = ["tcp", "udp"] for_each = ["tcp", "udp"]
content { content {
protocol = outbound_rule.value protocol = outbound_rule.value
@ -198,12 +203,12 @@ resource digitalocean_firewall app {
} }
} }
resource random_string session_secret { resource "random_string" "session_secret" {
length = 199 length = 199
special = false special = false
} }
resource random_string pg_password { resource "random_string" "pg_password" {
length = 31 length = 31
} }
@ -231,7 +236,7 @@ locals {
}, var.env) }, var.env)
} }
resource null_resource app_provision { resource "null_resource" "app_provision" {
triggers = { triggers = {
droplet_id = digitalocean_droplet.app.id droplet_id = digitalocean_droplet.app.id
provision_script_sha1 = filesha1("${path.module}/spoke-app-provision") provision_script_sha1 = filesha1("${path.module}/spoke-app-provision")
@ -251,17 +256,17 @@ resource null_resource app_provision {
host = digitalocean_droplet.app.ipv4_address host = digitalocean_droplet.app.ipv4_address
} }
provisioner file { provisioner "file" {
source = "${path.module}/spoke-app-provision" source = "${path.module}/spoke-app-provision"
destination = "/tmp/spoke-app-provision" destination = "/tmp/spoke-app-provision"
} }
provisioner file { provisioner "file" {
source = "${path.module}/spoke-app-run" source = "${path.module}/spoke-app-run"
destination = "/tmp/spoke-app-run" destination = "/tmp/spoke-app-run"
} }
provisioner file { provisioner "file" {
content = templatefile("${path.module}/nginx-sites-default.conf.tpl", { content = templatefile("${path.module}/nginx-sites-default.conf.tpl", {
server_name = var.server_name, server_name = var.server_name,
port = var.port, port = var.port,
@ -269,17 +274,22 @@ resource null_resource app_provision {
destination = "/tmp/nginx-sites-default.conf" destination = "/tmp/nginx-sites-default.conf"
} }
provisioner file { provisioner "file" {
content = var.nginx_site_override_conf
destination = "/tmp/nginx-sites-default-override.conf"
}
provisioner "file" {
content = var.cert_certificate content = var.cert_certificate
destination = "/tmp/spoke.crt" destination = "/tmp/spoke.crt"
} }
provisioner file { provisioner "file" {
content = var.cert_private_key content = var.cert_private_key
destination = "/tmp/spoke.key" destination = "/tmp/spoke.key"
} }
provisioner file { provisioner "file" {
content = <<-ENVTMPL content = <<-ENVTMPL
%{for key, value in local.env_map~} %{for key, value in local.env_map~}
${key}='${value}' ${key}='${value}'
@ -289,36 +299,32 @@ ENVTMPL
destination = "/tmp/app.env" destination = "/tmp/app.env"
} }
provisioner file { provisioner "file" {
source = "${path.module}/spoke.service" source = "${path.module}/spoke.service"
destination = "/tmp/spoke.service" destination = "/tmp/spoke.service"
} }
provisioner remote-exec { provisioner "remote-exec" {
inline = [ script = "${path.module}/spoke-app-provision-wrapper"
"bash /tmp/spoke-app-provision system0",
"sudo -H -u spoke bash /tmp/spoke-app-provision spoke0",
"bash /tmp/spoke-app-provision system1",
]
} }
} }
output droplet_urn { output "droplet_urn" {
description = "urn of the droplet suitable for adding to project resources" description = "urn of the droplet suitable for adding to project resources"
value = digitalocean_droplet.app.urn value = digitalocean_droplet.app.urn
} }
output droplet_ipv4_address { output "droplet_ipv4_address" {
description = "ipv4 address of the droplet" description = "ipv4 address of the droplet"
value = digitalocean_droplet.app.ipv4_address value = digitalocean_droplet.app.ipv4_address
} }
output floating_ip_address { output "floating_ip_address" {
description = "floating IP address assigned to the droplet suitable for creating a DNS A record" description = "floating IP address assigned to the droplet suitable for creating a DNS A record"
value = digitalocean_floating_ip.app.ip_address value = digitalocean_floating_ip.app.ip_address
} }
output floating_ip_urn { output "floating_ip_urn" {
description = "urn of the floating IP address assigned to the droplet suitable for adding to project resources" description = "urn of the floating IP address assigned to the droplet suitable for adding to project resources"
value = digitalocean_floating_ip.app.urn value = digitalocean_floating_ip.app.urn
} }

9
spoke-app-provision
View File

@ -40,15 +40,15 @@ _run_system0() {
redis redis
dpkg --get-selections || true | dpkg --get-selections || true |
if ! grep -qE '^postgresql-client-11.+install$'; then if ! grep -qE '^postgresql-client-13.+install$'; then
echo "deb http://apt.postgresql.org/pub/repos/apt $(lsb_release -cs)-pgdg main" | echo "deb http://apt.postgresql.org/pub/repos/apt $(lsb_release -cs)-pgdg main" |
sudo tee /etc/apt/sources.list.d/pgdg.list &>/dev/null sudo tee /etc/apt/sources.list.d/pgdg.list &>/dev/null
curl https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo apt-key add - curl https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo apt-key add -
sudo apt-get update -y sudo apt-get update -y
sudo apt-get install -y postgresql-11 postgresql-client-11 sudo apt-get install -y postgresql-13 postgresql-client-13
fi fi
pg_ctlcluster 11 main start pg_ctlcluster 13 main start
sudo -H -u postgres bash <<PGSETUP sudo -H -u postgres bash <<PGSETUP
set -o allexport set -o allexport
# shellcheck source=/dev/null # shellcheck source=/dev/null
@ -80,6 +80,9 @@ PGSETUP
chmod 0600 /home/spoke/spoke.crt /home/spoke/spoke.key chmod 0600 /home/spoke/spoke.crt /home/spoke/spoke.key
chown spoke /home/spoke/spoke.crt /home/spoke/spoke.key chown spoke /home/spoke/spoke.crt /home/spoke/spoke.key
cp -v /tmp/nginx-sites-default.conf /etc/nginx/sites-available/default cp -v /tmp/nginx-sites-default.conf /etc/nginx/sites-available/default
if [[ -s /tmp/nginx-sites-default-override.conf ]]; then
cp -v /tmp/nginx-sites-default-override.conf /etc/nginx/sites-available/default
fi
ln -svf /etc/nginx/sites-available/default /etc/nginx/sites-enabled/default ln -svf /etc/nginx/sites-available/default /etc/nginx/sites-enabled/default
sha1sum /etc/nginx/sites-available/default sha1sum /etc/nginx/sites-available/default
systemctl restart nginx systemctl restart nginx

11
spoke-app-provision-wrapper Executable file
View File

@ -0,0 +1,11 @@
#!/usr/bin/env bash
set -o errexit
set -o pipefail
main() {
bash /tmp/spoke-app-provision system0
sudo -H -u spoke bash /tmp/spoke-app-provision spoke0
bash /tmp/spoke-app-provision system1
}
main "${@}"

3
spoke-app-run
View File

@ -7,6 +7,9 @@ main() {
# shellcheck source=/dev/null # shellcheck source=/dev/null
source ~/.nvm/nvm.sh source ~/.nvm/nvm.sh
nvm use nvm use
if [[ -f ./build/server/server/index.js ]]; then
exec node ./build/server/server
fi
exec npm start exec npm start
} }