Merge pull request StubbornJava#62 from StubbornJava/f/terraform

rodriguezsergio · web-flow · commit 1ac0031b4738 · 2018-01-03T21:30:42.000-05:00
add jenkins + terraform
diff --git a/.gitignore b/.gitignore
@@ -21,3 +21,6 @@ gradlew.bat
 
 .vault_pw.txt
 **.retry
+
+terraform.tfstate*
+.terraform/
diff --git a/ansible/ci.yml b/ansible/ci.yml
@@ -0,0 +1,17 @@
+# Run with ANSIBLE_ROLES_PATH=$ANSIBLE_ROLES_PATH:ansible/galaxy_roles ansible-playbook -i ansible/hosts ansible/ci.yml
+---
+- hosts: tag_Role_ci
+  become: true
+  vars:
+    java_home: "/usr/lib/jvm/jre-1.8.0-openjdk.x86_64"
+    java_packages:
+      - java-1.8.0-openjdk
+    nginx_sites:
+     default:
+         - listen 80
+         - server_name _
+         - return 301 https://jenkins.stubbornjava.com$request_uri
+  roles:
+    - galaxy_roles/geerlingguy.java
+    - galaxy_roles/geerlingguy.jenkins
+    - galaxy_roles/jdauphant.nginx
diff --git a/ansible/group_vars/all b/ansible/group_vars/all
@@ -0,0 +1,2 @@
+---
+ansible_user: ec2-user
diff --git a/ansible/install_roles.yml b/ansible/install_roles.yml
@@ -1,4 +1,10 @@
-# ansible-galaxy install -r install_roles.yml
+# ansible-galaxy install --roles-path=galaxy_roles/ -r install_roles.yml 
 
 - src: geerlingguy.java
   version: 1.7.4
+
+- src: geerlingguy.jenkins
+  version: 3.2.1
+
+- src: jdauphant.nginx
+  version: v2.12.3
diff --git a/terraform/global.tfvars b/terraform/global.tfvars
@@ -0,0 +1,3 @@
+amis = {
+    amazon-linux-2017-09 = "ami-8c1be5f6"
+}
diff --git a/terraform/lb.tf b/terraform/lb.tf
@@ -0,0 +1,181 @@
+data "aws_acm_certificate" "stubbornjava" {
+  domain   = "stubbornjava.com"
+  statuses = ["ISSUED"]
+}
+
+data "aws_acm_certificate" "wildcard_stubbornjava" {
+  domain   = "*.stubbornjava.com"
+  statuses = ["ISSUED"]
+}
+
+resource "aws_alb" "StubbornJavaLB" {
+  name               = "StubbornJavaLB"
+  internal           = false
+  load_balancer_type = "application"
+  security_groups    = ["sg-d10c37ac"]
+  subnets            = ["${data.aws_subnet_ids.public.ids}"]
+  ip_address_type    = "ipv4"
+
+  enable_deletion_protection = true
+}
+
+resource "aws_lb_target_group" "StubbornJavaWeb" {
+  name     = "StubbornJavaWeb"
+  port     = 8080
+  protocol = "HTTP"
+  vpc_id   = "${data.aws_vpc.selected.id}"
+
+  health_check {
+    interval            = 30
+    path                = "/"
+    port                = "traffic-port"
+    protocol            = "HTTP"
+    timeout             = 5
+    healthy_threshold   = 5
+    unhealthy_threshold = 2
+    matcher             = 200
+  }
+}
+
+resource "aws_lb_listener" "sj_https" {
+  load_balancer_arn = "${aws_alb.StubbornJavaLB.arn}"
+  port              = "443"
+  protocol          = "HTTPS"
+  ssl_policy        = "ELBSecurityPolicy-2015-05"
+  certificate_arn   = "${data.aws_acm_certificate.stubbornjava.arn}"
+
+  default_action {
+    target_group_arn = "${aws_lb_target_group.StubbornJavaWeb.arn}"
+    type             = "forward"
+  }
+}
+
+resource "aws_lb_listener" "sj_http" {
+  load_balancer_arn = "${aws_alb.StubbornJavaLB.arn}"
+  port              = "80"
+  protocol          = "HTTP"
+
+  default_action {
+    target_group_arn = "${aws_lb_target_group.StubbornJavaWeb.arn}"
+    type             = "forward"
+  }
+}
+
+resource "aws_lb_target_group_attachment" "StubbornJavaWeb" {
+  target_group_arn = "${aws_lb_target_group.StubbornJavaWeb.arn}"
+  target_id        = "i-0839a0bbe4cd3cf40"
+  port             = 8080
+}
+
+resource "aws_alb" "InternalAppsLB" {
+  name               = "InternalAppsLB"
+  internal           = false
+  load_balancer_type = "application"
+  security_groups    = ["sg-3d320448"]
+  subnets            = ["${data.aws_subnet_ids.public.ids}"]
+  ip_address_type    = "ipv4"
+
+  enable_deletion_protection = true
+}
+
+resource "aws_lb_target_group" "InternalApps80" {
+  name     = "InternalApps80"
+  port     = 80
+  protocol = "HTTP"
+  vpc_id   = "vpc-e130ee84"
+
+  health_check {
+    interval            = 30
+    path                = "/"
+    port                = "traffic-port"
+    protocol            = "HTTP"
+    timeout             = 5
+    healthy_threshold   = 5
+    unhealthy_threshold = 2
+    matcher             = 301
+  }
+}
+
+resource "aws_lb_target_group" "Jenkins8080" {
+  name     = "Jenkins8080"
+  port     = 8080
+  protocol = "HTTP"
+  vpc_id   = "vpc-e130ee84"
+
+  health_check {
+    interval            = 30
+    path                = "/"
+    port                = "traffic-port"
+    protocol            = "HTTP"
+    timeout             = 5
+    healthy_threshold   = 5
+    unhealthy_threshold = 2
+    matcher             = 403
+  }
+}
+
+resource "aws_lb_listener" "internal_https" {
+  load_balancer_arn = "${aws_alb.InternalAppsLB.arn}"
+  port              = "443"
+  protocol          = "HTTPS"
+  ssl_policy        = "ELBSecurityPolicy-2015-05"
+  certificate_arn   = "${data.aws_acm_certificate.wildcard_stubbornjava.arn}"
+
+  default_action {
+    target_group_arn = "${aws_lb_target_group.Jenkins8080.arn}"
+    type             = "forward"
+  }
+}
+
+resource "aws_lb_listener" "internal_http" {
+  load_balancer_arn = "${aws_alb.InternalAppsLB.arn}"
+  port              = "80"
+  protocol          = "HTTP"
+
+  default_action {
+    target_group_arn = "${aws_lb_target_group.InternalApps80.arn}"
+    type             = "forward"
+  }
+}
+
+resource "aws_lb_target_group_attachment" "InternalApps80" {
+  target_group_arn = "${aws_lb_target_group.InternalApps80.arn}"
+  target_id        = "${aws_instance.ci.id}"
+  port             = 80
+}
+
+resource "aws_lb_target_group_attachment" "Jenkins8080" {
+  target_group_arn = "${aws_lb_target_group.Jenkins8080.arn}"
+  target_id        = "${aws_instance.ci.id}"
+  port             = 8080
+}
+
+resource "aws_lb_listener_rule" "jenkins_http" {
+ listener_arn = "${aws_lb_listener.internal_http.arn}"
+ priority     = 99
+
+ action {
+   type             = "forward"
+   target_group_arn = "${aws_lb_target_group.InternalApps80.arn}"
+ }
+
+ condition {
+   field  = "host-header"
+   values = ["jenkins.stubbornjava.com"]
+ }
+}
+
+resource "aws_lb_listener_rule" "jenkins_https" {
+ listener_arn = "${aws_lb_listener.internal_https.arn}"
+ priority     = 99
+
+ action {
+   type             = "forward"
+   target_group_arn = "${aws_lb_target_group.Jenkins8080.arn}"
+ }
+
+ condition {
+   field  = "host-header"
+   values = ["jenkins.stubbornjava.com"]
+ }
+}
diff --git a/terraform/r53.tf b/terraform/r53.tf
@@ -0,0 +1,73 @@
+resource "aws_route53_zone" "stubbornjava" {
+  name = "stubbornjava.com."
+  comment = "HostedZone created by Route53 Registrar"
+  force_destroy = false
+}
+
+resource "aws_route53_record" "acm_wildcard_validation" {
+  zone_id = "${aws_route53_zone.stubbornjava.zone_id}"
+  name    = "_0aae0c14fdb61a1eace4820316e1b289.${aws_route53_zone.stubbornjava.name}"
+  type    = "CNAME"
+  ttl     = "300"
+  records = ["_0285fe9cd2fa8d2e5b3307a3d627e407.acm-validations.aws"]
+}
+
+resource "aws_route53_record" "elb" {
+  zone_id = "${aws_route53_zone.stubbornjava.zone_id}"
+  name    = "${aws_route53_zone.stubbornjava.name}"
+  type    = "A"
+
+  alias {
+    name                   = "${lower(aws_alb.StubbornJavaLB.dns_name)}"
+    zone_id                = "${aws_alb.StubbornJavaLB.zone_id}"
+    evaluate_target_health = false
+  }
+}
+
+resource "aws_route53_record" "www" {
+  zone_id = "${aws_route53_zone.stubbornjava.zone_id}"
+  name    = "www.${aws_route53_zone.stubbornjava.name}"
+  type    = "A"
+
+  alias {
+    name                   = "${aws_route53_zone.stubbornjava.name}"
+    zone_id                = "${aws_route53_zone.stubbornjava.zone_id}"
+    evaluate_target_health = false
+  }
+}
+
+resource "aws_route53_record" "www_local" {
+  zone_id = "${aws_route53_zone.stubbornjava.zone_id}"
+  name    = "www.local.${aws_route53_zone.stubbornjava.name}"
+  type    = "A"
+  ttl     = 300
+  records = ["127.0.0.1"]
+}
+
+resource "aws_route53_record" "local" {
+  zone_id = "${aws_route53_zone.stubbornjava.zone_id}"
+  name    = "local.${aws_route53_zone.stubbornjava.name}"
+  type    = "A"
+  ttl     = 300
+  records = ["127.0.0.1"]
+}
+
+resource "aws_route53_record" "jenkins" {
+  zone_id = "${aws_route53_zone.stubbornjava.zone_id}"
+  name    = "jenkins.${aws_route53_zone.stubbornjava.name}"
+  type    = "A"
+
+  alias {
+    name                   = "${lower(aws_alb.InternalAppsLB.dns_name)}"
+    zone_id                = "${aws_alb.InternalAppsLB.zone_id}"
+    evaluate_target_health = false
+  }
+}
+
+resource "aws_route53_record" "git" {
+  zone_id = "${aws_route53_zone.stubbornjava.zone_id}"
+  name    = "git.${aws_route53_zone.stubbornjava.name}"
+  type    = "TXT"
+  ttl     = 300
+  records = ["https://github.com/StubbornJava"]
+}
diff --git a/terraform/s3.tf b/terraform/s3.tf
@@ -0,0 +1,7 @@
+terraform {
+  backend "s3" {
+    bucket = "stubbornjava-terraform"
+    key    = "prod/terraform.tfstate"
+    region = "us-east-1"
+  }
+}
diff --git a/terraform/stubbornjava.tf b/terraform/stubbornjava.tf
@@ -0,0 +1,33 @@
+provider "aws" {
+  region = "us-east-1"
+}
+
+variable "amis" {
+    type = "map"
+    default = {}
+}
+
+# TODO: import stubbornjava-webapp
+
+resource "aws_instance" "ci" {
+  count                       = 1
+  ami                         = "${var.amis["amazon-linux-2017-09"]}"
+  disable_api_termination     = true
+  instance_type               = "t2.micro"
+  monitoring                  = false
+  subnet_id                   = "${element(data.aws_subnet_ids.public.ids, count.index)}"
+  key_name                    = "stubbornjava"
+  vpc_security_group_ids      = ["sg-e10c3a94", "sg-1a39ad66"]
+  associate_public_ip_address = true
+
+  tags {
+    Name = "Jenkins"
+    Role = "ci"
+  }
+
+  root_block_device {
+    volume_type               = "gp2"
+    volume_size               = 20
+    delete_on_termination     = true
+  }
+}
diff --git a/terraform/vpc.tf b/terraform/vpc.tf
@@ -0,0 +1,10 @@
+data "aws_vpc" "selected" {
+  state = "available"
+}
+
+data "aws_subnet_ids" "public" {
+  vpc_id = "${data.aws_vpc.selected.id}"
+  tags {
+    Public = "Yes"
+  }
+}

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+amis = {`
	`2`	`+ amazon-linux-2017-09 = "ami-8c1be5f6"`
	`3`	`+}`