Update via terraform-docs

Many updates! terraform 0.14 formatting, nginx compat, error handling
2021-04-06 11:05:31 -04:00 · 2021-04-06 10:54:30 -04:00
5 changed files with 106 additions and 67 deletions
--- a/README.md
+++ b/README.md
@@ -52,42 +52,58 @@ module "digitalocean_spoke" {

 | Name | Version |
 |------|---------|
-| terraform | >= 0.13 |
-| digitalocean | >= 1.22 |
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.13 |
+| <a name="requirement_digitalocean"></a> [digitalocean](#requirement\_digitalocean) | >= 1.22 |

 ## Providers

 | Name | Version |
 |------|---------|
-| digitalocean | >= 1.22 |
-| null | n/a |
-| random | n/a |
+| <a name="provider_digitalocean"></a> [digitalocean](#provider\_digitalocean) | >= 1.22 |
+| <a name="provider_null"></a> [null](#provider\_null) | n/a |
+| <a name="provider_random"></a> [random](#provider\_random) | n/a |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [digitalocean_droplet.app](https://registry.terraform.io/providers/digitalocean/digitalocean/latest/docs/resources/droplet) | resource |
+| [digitalocean_firewall.app](https://registry.terraform.io/providers/digitalocean/digitalocean/latest/docs/resources/firewall) | resource |
+| [digitalocean_floating_ip.app](https://registry.terraform.io/providers/digitalocean/digitalocean/latest/docs/resources/floating_ip) | resource |
+| [digitalocean_ssh_key.app](https://registry.terraform.io/providers/digitalocean/digitalocean/latest/docs/resources/ssh_key) | resource |
+| [null_resource.app_provision](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
+| [random_string.pg_password](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string) | resource |
+| [random_string.session_secret](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string) | resource |

 ## Inputs

 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| base\_url | Fully qualified https URL of the app | `string` | n/a | yes |
-| cert\_certificate | Certificate with leaf and intermediates to pass to nginx | `string` | n/a | yes |
-| cert\_private\_key | Certificate key to pass to nginx | `string` | n/a | yes |
-| droplet\_image | Image to use when provisioning app droplet | `string` | `"ubuntu-20-04-x64"` | no |
-| droplet\_size | Size value passed when provisioning app droplet | `string` | `"s-1vcpu-1gb"` | no |
-| env | Arbitrary *additional* environment variables passed at build time and run time | `map(string)` | `{}` | no |
-| node\_env | Value defined at build time and run time as NODE\_ENV | `string` | `"production"` | no |
-| node\_options | Value defined at build time and run time as NODE\_OPTIONS | `string` | `"--max_old_space_size=8192"` | no |
-| port | TCP port used to communicate between droplet and nginx | `string` | `"3000"` | no |
-| region | Region in which all resources will be provisioned | `string` | `"nyc1"` | no |
-| resource\_prefix | Prefix prepended to resource names | `string` | `"spoke-"` | no |
-| server\_name | Server name used in nginx config | `string` | n/a | yes |
-| spoke\_version | Git ref of MoveOnOrg/Spoke to deploy | `string` | `"v8.0"` | no |
-| ssh\_keys | List of ssh public keys to pass to droplet provisioning | `list(string)` | n/a | yes |
+| <a name="input_base_url"></a> [base\_url](#input\_base\_url) | Fully qualified https URL of the app | `string` | n/a | yes |
+| <a name="input_cert_certificate"></a> [cert\_certificate](#input\_cert\_certificate) | Certificate with leaf and intermediates to pass to nginx | `string` | n/a | yes |
+| <a name="input_cert_private_key"></a> [cert\_private\_key](#input\_cert\_private\_key) | Certificate key to pass to nginx | `string` | n/a | yes |
+| <a name="input_droplet_image"></a> [droplet\_image](#input\_droplet\_image) | Image to use when provisioning app droplet | `string` | `"ubuntu-20-04-x64"` | no |
+| <a name="input_droplet_size"></a> [droplet\_size](#input\_droplet\_size) | Size value passed when provisioning app droplet | `string` | `"s-1vcpu-1gb"` | no |
+| <a name="input_env"></a> [env](#input\_env) | Arbitrary *additional* environment variables passed at build time and run time | `map(string)` | `{}` | no |
+| <a name="input_nginx_site_override_conf"></a> [nginx\_site\_override\_conf](#input\_nginx\_site\_override\_conf) | Complete nginx site configuration override | `string` | `""` | no |
+| <a name="input_node_env"></a> [node\_env](#input\_node\_env) | Value defined at build time and run time as NODE\_ENV | `string` | `"production"` | no |
+| <a name="input_node_options"></a> [node\_options](#input\_node\_options) | Value defined at build time and run time as NODE\_OPTIONS | `string` | `"--max_old_space_size=8192"` | no |
+| <a name="input_port"></a> [port](#input\_port) | TCP port used to communicate between droplet and nginx | `string` | `"3000"` | no |
+| <a name="input_region"></a> [region](#input\_region) | Region in which all resources will be provisioned | `string` | `"nyc1"` | no |
+| <a name="input_resource_prefix"></a> [resource\_prefix](#input\_resource\_prefix) | Prefix prepended to resource names | `string` | `"spoke-"` | no |
+| <a name="input_server_name"></a> [server\_name](#input\_server\_name) | Server name used in nginx config | `string` | n/a | yes |
+| <a name="input_spoke_version"></a> [spoke\_version](#input\_spoke\_version) | Git ref of MoveOnOrg/Spoke to deploy | `string` | `"v8.0"` | no |
+| <a name="input_ssh_keys"></a> [ssh\_keys](#input\_ssh\_keys) | List of ssh public keys to pass to droplet provisioning | `list(string)` | n/a | yes |

 ## Outputs

 | Name | Description |
 |------|-------------|
-| droplet\_ipv4\_address | ipv4 address of the droplet |
-| droplet\_urn | urn of the droplet suitable for adding to project resources |
-| floating\_ip\_address | floating IP address assigned to the droplet suitable for creating a DNS A record |
-| floating\_ip\_urn | urn of the floating IP address assigned to the droplet suitable for adding to project resources |
-
+| <a name="output_droplet_ipv4_address"></a> [droplet\_ipv4\_address](#output\_droplet\_ipv4\_address) | ipv4 address of the droplet |
+| <a name="output_droplet_urn"></a> [droplet\_urn](#output\_droplet\_urn) | urn of the droplet suitable for adding to project resources |
+| <a name="output_floating_ip_address"></a> [floating\_ip\_address](#output\_floating\_ip\_address) | floating IP address assigned to the droplet suitable for creating a DNS A record |
+| <a name="output_floating_ip_urn"></a> [floating\_ip\_urn](#output\_floating\_ip\_urn) | urn of the floating IP address assigned to the droplet suitable for adding to project resources |
--- a/main.tf
+++ b/main.tf
@@ -65,92 +65,97 @@ terraform {
  }
 }

-variable server_name {
+variable "server_name" {
  description = "Server name used in nginx config"
  type        = string
 }

-variable base_url {
+variable "base_url" {
  description = "Fully qualified https URL of the app"
  type        = string
 }

-variable resource_prefix {
+variable "resource_prefix" {
  description = "Prefix prepended to resource names"
  default     = "spoke-"
  type        = string
 }

-variable node_options {
+variable "nginx_site_override_conf" {
+  description = "Complete nginx site configuration override"
+  default     = ""
+}
+
+variable "node_options" {
  description = "Value defined at build time and run time as NODE_OPTIONS"
  default     = "--max_old_space_size=8192"
  type        = string
 }

-variable node_env {
+variable "node_env" {
  description = "Value defined at build time and run time as NODE_ENV"
  default     = "production"
  type        = string
 }

-variable port {
+variable "port" {
  description = "TCP port used to communicate between droplet and nginx"
  default     = "3000"
  type        = string
 }

-variable droplet_image {
+variable "droplet_image" {
  description = "Image to use when provisioning app droplet"
  default     = "ubuntu-20-04-x64"
  type        = string
 }

-variable droplet_size {
+variable "droplet_size" {
  description = "Size value passed when provisioning app droplet"
  default     = "s-1vcpu-1gb"
  type        = string
 }

-variable region {
+variable "region" {
  description = "Region in which all resources will be provisioned"
  default     = "nyc1"
  type        = string
 }

-variable spoke_version {
+variable "spoke_version" {
  description = "Git ref of MoveOnOrg/Spoke to deploy"
  default     = "v8.0"
  type        = string
 }

-variable ssh_keys {
+variable "ssh_keys" {
  type        = list(string)
  description = "List of ssh public keys to pass to droplet provisioning"
 }

-variable cert_private_key {
+variable "cert_private_key" {
  description = "Certificate key to pass to nginx"
  type        = string
 }

-variable cert_certificate {
+variable "cert_certificate" {
  description = "Certificate with leaf and intermediates to pass to nginx"
  type        = string
 }

-variable env {
+variable "env" {
  description = "Arbitrary *additional* environment variables passed at build time and run time"
  default     = {}
  type        = map(string)
 }

-resource digitalocean_ssh_key app {
+resource "digitalocean_ssh_key" "app" {
  count      = length(var.ssh_keys)
  name       = "${var.resource_prefix}app-${count.index}"
  public_key = element(var.ssh_keys, count.index)
 }

-resource digitalocean_droplet app {
+resource "digitalocean_droplet" "app" {
  image  = var.droplet_image
  name   = "${var.resource_prefix}app"
  region = var.region
@@ -159,17 +164,17 @@ resource digitalocean_droplet app {
  ssh_keys = digitalocean_ssh_key.app[*].id
 }

-resource digitalocean_floating_ip app {
+resource "digitalocean_floating_ip" "app" {
  droplet_id = digitalocean_droplet.app.id
  region     = digitalocean_droplet.app.region
 }

-resource digitalocean_firewall app {
+resource "digitalocean_firewall" "app" {
  name = "pghdsa-spoke-app"

  droplet_ids = [digitalocean_droplet.app.id]

-  dynamic inbound_rule {
+  dynamic "inbound_rule" {
    for_each = ["22", "80", "443"]
    content {
      protocol         = "tcp"
@@ -183,7 +188,7 @@ resource digitalocean_firewall app {
    source_addresses = ["0.0.0.0/0", "::/0"]
  }

-  dynamic outbound_rule {
+  dynamic "outbound_rule" {
    for_each = ["tcp", "udp"]
    content {
      protocol              = outbound_rule.value
@@ -198,12 +203,12 @@ resource digitalocean_firewall app {
  }
 }

-resource random_string session_secret {
+resource "random_string" "session_secret" {
  length  = 199
  special = false
 }

-resource random_string pg_password {
+resource "random_string" "pg_password" {
  length = 31
 }

@@ -231,7 +236,7 @@ locals {
  }, var.env)
 }

-resource null_resource app_provision {
+resource "null_resource" "app_provision" {
  triggers = {
    droplet_id            = digitalocean_droplet.app.id
    provision_script_sha1 = filesha1("${path.module}/spoke-app-provision")
@@ -251,17 +256,17 @@ resource null_resource app_provision {
    host = digitalocean_droplet.app.ipv4_address
  }

-  provisioner file {
+  provisioner "file" {
    source      = "${path.module}/spoke-app-provision"
    destination = "/tmp/spoke-app-provision"
  }

-  provisioner file {
+  provisioner "file" {
    source      = "${path.module}/spoke-app-run"
    destination = "/tmp/spoke-app-run"
  }

-  provisioner file {
+  provisioner "file" {
    content = templatefile("${path.module}/nginx-sites-default.conf.tpl", {
      server_name = var.server_name,
      port        = var.port,
@@ -269,17 +274,22 @@ resource null_resource app_provision {
    destination = "/tmp/nginx-sites-default.conf"
  }

-  provisioner file {
+  provisioner "file" {
+    content     = var.nginx_site_override_conf
+    destination = "/tmp/nginx-sites-default-override.conf"
+  }
+
+  provisioner "file" {
    content     = var.cert_certificate
    destination = "/tmp/spoke.crt"
  }

-  provisioner file {
+  provisioner "file" {
    content     = var.cert_private_key
    destination = "/tmp/spoke.key"
  }

-  provisioner file {
+  provisioner "file" {
    content = <<-ENVTMPL
 %{for key, value in local.env_map~}
 ${key}='${value}'
@@ -289,36 +299,32 @@ ENVTMPL
    destination = "/tmp/app.env"
  }

-  provisioner file {
+  provisioner "file" {
    source      = "${path.module}/spoke.service"
    destination = "/tmp/spoke.service"
  }

-  provisioner remote-exec {
-    inline = [
-      "bash /tmp/spoke-app-provision system0",
-      "sudo -H -u spoke bash /tmp/spoke-app-provision spoke0",
-      "bash /tmp/spoke-app-provision system1",
-    ]
+  provisioner "remote-exec" {
+    script = "${path.module}/spoke-app-provision-wrapper"
  }
 }

-output droplet_urn {
+output "droplet_urn" {
  description = "urn of the droplet suitable for adding to project resources"
  value       = digitalocean_droplet.app.urn
 }

-output droplet_ipv4_address {
+output "droplet_ipv4_address" {
  description = "ipv4 address of the droplet"
  value       = digitalocean_droplet.app.ipv4_address
 }

-output floating_ip_address {
+output "floating_ip_address" {
  description = "floating IP address assigned to the droplet suitable for creating a DNS A record"
  value       = digitalocean_floating_ip.app.ip_address
 }

-output floating_ip_urn {
+output "floating_ip_urn" {
  description = "urn of the floating IP address assigned to the droplet suitable for adding to project resources"
  value       = digitalocean_floating_ip.app.urn
 }
--- a/9
+++ b/9
@@ -40,15 +40,15 @@ _run_system0() {
    redis

  dpkg --get-selections || true |
-    if ! grep -qE '^postgresql-client-11.+install$'; then
+    if ! grep -qE '^postgresql-client-13.+install$'; then
      echo "deb http://apt.postgresql.org/pub/repos/apt $(lsb_release -cs)-pgdg main" |
        sudo tee /etc/apt/sources.list.d/pgdg.list &>/dev/null
      curl https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo apt-key add -
      sudo apt-get update -y
-      sudo apt-get install -y postgresql-11 postgresql-client-11
+      sudo apt-get install -y postgresql-13 postgresql-client-13
    fi

-  pg_ctlcluster 11 main start
+  pg_ctlcluster 13 main start
  sudo -H -u postgres bash <<PGSETUP
    set -o allexport
    # shellcheck source=/dev/null
@@ -80,6 +80,9 @@ PGSETUP
  chmod 0600 /home/spoke/spoke.crt /home/spoke/spoke.key
  chown spoke /home/spoke/spoke.crt /home/spoke/spoke.key
  cp -v /tmp/nginx-sites-default.conf /etc/nginx/sites-available/default
+  if [[ -s /tmp/nginx-sites-default-override.conf ]]; then
+    cp -v /tmp/nginx-sites-default-override.conf /etc/nginx/sites-available/default
+  fi
  ln -svf /etc/nginx/sites-available/default /etc/nginx/sites-enabled/default
  sha1sum /etc/nginx/sites-available/default
  systemctl restart nginx
--- a/11
+++ b/11
@@ -0,0 +1,11 @@
+#!/usr/bin/env bash
+set -o errexit
+set -o pipefail
+
+main() {
+  bash /tmp/spoke-app-provision system0
+  sudo -H -u spoke bash /tmp/spoke-app-provision spoke0
+  bash /tmp/spoke-app-provision system1
+}
+
+main "${@}"
--- a/3
+++ b/3
@@ -7,6 +7,9 @@ main() {
  # shellcheck source=/dev/null
  source ~/.nvm/nvm.sh
  nvm use
+  if [[ -f ./build/server/server/index.js ]]; then
+    exec node ./build/server/server
+  fi
  exec npm start
 }
Author	SHA1	Message	Date
Dan Buch	fdc0f63b79	Update via terraform-docs	2021-04-06 11:05:31 -04:00
Dan Buch	c1a57ba5d1	Many updates! terraform 0.14 formatting, nginx compat, error handling	2021-04-06 10:54:30 -04:00