Newer
Older
An Infrastructure as Code manager to deploy lab infrastructure and configure instances. Working with Atrium, Gitlab CI, Terraform, Cloud-init and Scaleway.
The FORGE (Gitlab) manage Terraform at any state, plan, creation, modification and destruction with the CI. The FORGE store and will provide the configuration information
such as credentials to Terraform only during the running state to improve security, then information are destroyed with the container of the Gitlab Agent.
On run state, Terraform will create, modify and destroy infrastructure resources in Scaleway to match the configuration described in the configuration files.
After the resources provisionned with Terraform, Cloud-init will configure the instances by running bash scripts, creating files... And 3 services will be running for each instance :
- Atrium (Reverse proxy, TLS encryption and HTTPS to the others hosted services)
- Code-server
- Webtop
After deployment, each resource can be accessed though HTTPS depending their count number :
- https://desktop-1.rust-1.daag.alpha.grandlyon.com/
- https://code-1.rust-1.daag.alpha.grandlyon.com/
User :
- Username: abc
- Password: <Gitlab Stored>
Resources deployed :
| resource-type | plan | inbound port |
|----------------------------------|--------|--------------|
| scaleway_instance_ip | | |
| scaleway_domain_record | | |
| scaleway_domain_record | | |
| scaleway_instance_security_group | | 22, 443, 80 |
| scaleway_instance_server | DEV1-L | |
At first, Gitlab CI will run scripts to generate environment variables.
They will be used in Terraform for configuration and securing credentials.
After this, Gitlab CI will initiate Terraform, which create infrastructure matching the configuration.
While deploying resources, especially instances, Terraform will provide the cloud-init.yml script so it can be executed after boot and configure the instances.
Infrastructure is ready, the cloud-init script will run at boot 3 services and leave 3 services running : atrium which serve as a reverse-proxy, code-server and webtop.
Create a file **variables-local.tf** containing the following code :
```hcl
variable "FORGE_PROJECT_ID" {
type = string
description = "Forge Project ID"
default = "your project id"
sensitive = true
}
variable "FORGE_USERNAME" {
type = string
description = "Forge Username"
default = "your username"
sensitive = true
}
variable "FORGE_ACCESS_TOKEN" {
type = string
description = "Forge Access Token"
default = "your access token"
sensitive = true
}
Now, you can create a file for your variables information called **variables-local.tfvars** containing the following code :
```hcl
### SCW variables
SCW_PROJECT_ID = ""
SCW_ACCESS_KEY = ""
SCW_SECRET_KEY = ""
INSTANCES_COUNT = "2"
ENVIRONMENT = "devrust"
### Terraform init - Gitlab remote tfstate
You can grab a init command from your gitlab project on menu Infrastructure > Terraform.
Select your environment and click the actions button, then you will only need to provide a gitlab project token.
Command should look like :
```bash
export GITLAB_ACCESS_TOKEN=<YOUR-ACCESS-TOKEN>
terraform init \
-backend-config="address=https://forge.grandlyon.com/api/v4/projects/875/terraform/state/devrust" \
-backend-config="lock_address=https://forge.grandlyon.com/api/v4/projects/875/terraform/state/devrust/lock" \
-backend-config="unlock_address=https://forge.grandlyon.com/api/v4/projects/875/terraform/state/devrust/lock" \
-backend-config="username=xxxxxxx" \
-backend-config="password=$GITLAB_ACCESS_TOKEN" \
-backend-config="lock_method=POST" \
-backend-config="unlock_method=DELETE" \
-backend-config="retry_wait_min=5"
terraform init -var-file=variables-local.tfvars
```
```bash
terraform plan -var-file=variables-local.tfvars -out=tfplan
```
```bash
terraform destroy -var-file=variables-local.tfvars
```