Commit bb2e04ab authored by Nathan RODET's avatar Nathan RODET

Merge branch 'develop' into 'main'

Develop

See merge request pocs/alpha-project-manager!1
parents e48d9c4b 48e1a0e0
terraform/.terraform.lock.hcl
terraform/.terraform.tfstate.lock.info
terraform/terraform.tfstate*
terraform/variables-local.tf
terraform/variables-local.tfvars
terraform/.terraform/*
terraform/tfplan
.idea
terraform/variables-local.tfvars
terraform/variables-local.tf
......@@ -9,18 +9,13 @@ variables:
before_script:
- cd ${TF_ROOT}
- which ssh-agent || ( apt-get install -qq openssh-client )
- ssh-keygen -b 2048 -t rsa -f ./tf.rsa -q -N "" -C "FORGE alpha-project-manager"
- export TF_VAR_SCW_ACCESS_KEY=${TF_VAR_SCW_ACCESS_KEY}
- export TF_VAR_SCW_SECRET_KEY=${TF_VAR_SCW_SECRET_KEY}
- export TF_VAR_SCW_PROJECT_ID=${TF_VAR_SCW_PROJECT_ID}
- export TF_VAR_INSTANCES_COUNT=${TF_VAR_INSTANCES_COUNT}
- export TF_VAR_USER_PASSWORD=${TF_VAR_USER_PASSWORD}
- export TF_VAR_LETSENCRYPT_EMAIL=${TF_VAR_LETSENCRYPT_EMAIL}
- export TF_VAR_ENVIRONMENT=${ENVIRONMENT}
- export TF_VAR_SCW_SSH_PUB_KEY=$(cat tf.rsa.pub)
- export TF_VAR_SCW_SSH_PRIVATE_KEY=$(cat tf.rsa)
- echo ${TF_VAR_SCW_SSH_PUB_KEY}
- echo ${TF_VAR_SCW_SSH_PRIVATE_KEY}
- echo $(ssh-keygen -E md5 -lf ./tf.rsa.pub)
stages:
- prepare
......
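Review bot: `echo ${TF_VAR_SCW_SSH_PRIVATE_KEY}` writes the freshly generated private key into the CI job log, where it is retained with the job and readable by anyone who can view the project's pipelines; the line before it prints the public key and the `ssh-keygen -E md5 -lf ./tf.rsa.pub` line already yields a fingerprint, so the private-key echo should be dropped and `- echo $(ssh-keygen -E md5 -lf ./tf.rsa.pub)` kept as the only debugging output. This same commit removes `SCW_SSH_PUB_KEY` and `SCW_SSH_PRIVATE_KEY` from variables.tf and the `scaleway_account_ssh_key` resource from main.tf, so the `ssh-keygen` step and both `TF_VAR_SCW_SSH_*` exports appear to be dead code now that no provisioner consumes the key. The `export TF_VAR_X=${TF_VAR_X}` lines are no-ops, because CI/CD variables are already present in the job environment; only `TF_VAR_ENVIRONMENT=${ENVIRONMENT}` actually renames anything. The page prints old and new lines without markers, so whether the keygen and echo lines survive the merge cannot be read from it.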
# Alpha Project Manager
An Infrastructure as Code manager to deploy lab infrastructure and configure instances. Working with Atrium, Gitlab CI, Terraform, Cloud-init and Scaleway.
### How does it work ?
The FORGE (Gitlab) manage the Infrastructure with Terraform at any state, plan, creation, modification and destruction with the CI. The FORGE store and will provide the configuration information
such as credentials to Terraform only during the running state to improve security. Then, informations are destroyed with the Gitlab Agent container.
On run state, Terraform will create, modify and destroy infrastructure resources in Scaleway to match the configuration described in the configuration files.
Resources deployed :
| resource-type | plan | inbound port |
|----------------------------------|--------|--------------|
| scaleway_instance_ip | | |
| scaleway_domain_record | | |
| scaleway_domain_record | | |
| scaleway_instance_security_group | | 22, 443, 80 |
| scaleway_instance_server | DEV1-L | |
After the resources provisionned with Terraform, Cloud-init will configure the instances by running bash scripts, creating files... And 3 services will be running for each instance :
- Atrium (Reverse proxy, TLS encryption and HTTPS to the others hosted services)
- Code-server
- Webtop
After deployment, each resource can be accessed though HTTPS depending their count number :
- https://desktop-0.rust-0.daag.alpha.grandlyon.com/
- https://code-0.rust-0.daag.alpha.grandlyon.com/
- https://desktop-1.rust-1.daag.alpha.grandlyon.com/
- https://code-1.rust-1.daag.alpha.grandlyon.com/
User :
- Username: abc
- Password: <Gitlab Stored>
## Setup Terraform Locally
### File Creation - variables-local.tf
First, you must setup 2 local files for your variables :
### variables-local.tf
Create a file **variables-local.tf** containing the following code :
```hcl
......@@ -27,7 +64,7 @@ variable "FORGE_ACCESS_TOKEN" {
sensitive = true
}
```
### File Creation - variables-local.tfvars
### variables-local.tfvars
Now, you can create a file for your variables information called **variables-local.tfvars** containing the following code :
```hcl
......@@ -36,8 +73,6 @@ Now, you can create a file for your variables information called **variables-loc
SCW_PROJECT_ID = ""
SCW_ACCESS_KEY = ""
SCW_SECRET_KEY = ""
SCW_SSH_PUB_KEY = ""
SCW_SSH_PRIVATE_KEY = ""
INSTANCES_COUNT = "2"
ENVIRONMENT = "devrust"
```
......
#!/bin/bash
echo "|------------------------|"
echo "| INITIALISATION DU LABO |"
echo "|------------------------|"
if [ ! -f ".env" ]; then
echo "Créez un fichier .env de la forme suivante :"
echo "SCW_ACCESS_KEY="
echo "SCW_SECRET_KEY="
echo "TF_VAR_PROJECT_ID="
echo "TF_VAR_INSTANCES_COUNT=2"
exit 1
fi
export $(cat .env | xargs)
# Move to Terraform directory
cd ./terraform
# Initialize a Terraform working directory
terraform init
# Generate and show the execution plan
terraform plan
# Build the infrastructure
terraform apply
# Echo Terraform outputs
terraform output
# Move to default directory
cd ..
echo "|--------------|"
echo "| LABO DÉMARRÉ |"
echo "|--------------|"
echo "Se connecter sur les IPs, avec le port 80 pour webtop, et 8080 pour code-server."
echo "Le mot de passe des instances est yfB4W23G."
#!/bin/bash
export $(cat .env | xargs)
terraform destroy
#cloud-config
# System update
package_update: true
package_upgrade: true
# Install Packages
packages:
- curl
- git
write_files:
#
# Atrium config file
#
- content: |
hostname: %atrium_hostname%.daag.alpha.grandlyon.com
debug_mode: false
letsencrypt_email: %atrium_letsencrypt_email%
tls_mode: Auto
apps: # optional : applications served by atrium
- id: 1
name: Code %atrium_count_index%
icon: web_asset
color: 4292030255
is_proxy: true
host: code-%atrium_count_index%
target: localhost:8080
- id: 2
name: Desktop %atrium_count_index%
icon: web_asset
color: 4292030255
is_proxy: true
host: desktop-%atrium_count_index%
target: localhost:8081
path: /root/atrium.yaml
#
# Code-server config file
#
- content: |
bind-addr: 0.0.0.0:8080
auth: password
password: %user_password%
cert: false
path: /root/config.yaml
runcmd:
#
# Install Rust
#
- "curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y"
- "source \"$HOME/.cargo/env\""
#
# Install Docker
#
- "curl -fsSL https://get.docker.com -o get-docker.sh"
- "sh get-docker.sh"
#
# Install Atrium
#
- "mkdir -p /root/atrium/data && mkdir -p /root/atrium/letsencrypt_cache"
- 'sed -i "s/%atrium_hostname%/$(scw-userdata atrium_hostname)/g" /root/atrium.yaml'
- 'sed -i "s/%atrium_letsencrypt_email%/$(scw-userdata atrium_letsencrypt_email)/g" /root/atrium.yaml'
- 'sed -i "s/%atrium_count_index%/$(scw-userdata atrium_count_index)/g" /root/atrium.yaml'
- "mv /root/atrium.yaml /root/atrium/atrium.yaml"
- "chown -Rf 1000:1000 /root/atrium"
#
# Run Atrium Container
#
- "docker run -d --name atrium --restart unless-stopped --net=host -v /root/atrium/atrium.yaml:/app/atrium.yaml -v /root/atrium/letsencrypt_cache:/app/letsencrypt_cache -v /root/atrium/data:/app/data nicolaspernoud/atrium:latest"
#
# Install And Run Code Server
#
- "export HOME=/root"
- "export USER=root"
- "mkdir -p /root/.config/code-server/"
- 'sed -i "s/%user_password%/$(scw-userdata user_password)/g" /root/config.yaml'
- "mv /root/config.yaml /root/.config/code-server/config.yaml"
- "curl -fsSL https://code-server.dev/install.sh | sh"
- "sudo systemctl enable --now code-server@$USER"
#
# Run Webtop Container
#
- "docker run -d --name=webtop --security-opt seccomp=unconfined -e PUID=0 -e PGID=0 -e TZ=Europe/Paris -e SUBFOLDER=/ -e KEYBOARD=fr-fr-azerty -e AUTO_LOGIN=false -p 8081:3000 -v /root/webtop:/config -v /var/run/docker.sock:/var/run/docker.sock --shm-size=8gb --cap-add=NET_ADMIN --privileged --restart unless-stopped --sysctl net.ipv6.conf.all.disable_ipv6=0 lscr.io/linuxserver/webtop:ubuntu-xfce"
- 'echo "$(scw-userdata user_password)\n$(scw-userdata user_password)" | docker exec -i webtop passwd abc'
#
# Install Repository
#
- "git clone https://github.com/NathanRodet/rust-axum-demo /root/rust-axum-demo"
\ No newline at end of file
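Review bot: The `sed -i "s/%user_password%/$(scw-userdata user_password)/g"` line (and the three `%atrium_*%` substitutions above it) splices the raw value into the sed expression, so a password containing `/`, `&` or `\` either aborts the command or writes a different password than the one given in `var.USER_PASSWORD`; escape first, e.g. `pw=$(scw-userdata user_password | sed 's/[\/&]/\\&/g')` and then `sed -i "s/%user_password%/$pw/g" /root/config.yaml`. The `echo "...\n..." | docker exec -i webtop passwd abc` line has the same interpolation issue and also relies on the shell's builtin `echo` expanding `\n`, which bash's does not by default; `printf '%s\n%s\n' "$pw" "$pw" | docker exec -i webtop passwd abc` is portable. Separately, the webtop container runs with `--privileged`, `PUID=0`/`PGID=0` and `/var/run/docker.sock` mounted, which makes a desktop session equivalent to root on the host, so the single shared password set on `abc` is the only barrier to the whole instance — drop `--privileged` and the socket mount unless the lab exercises need them, and state the reason in the comment above the line if they do. The `curl ... | sh` installers and the `nicolaspernoud/atrium:latest` tag are unpinned, so two instances built a day apart can run different software; pinning a version or digest keeps rebuilds reproducible.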
hostname: labo.alpha.grandlyon.com
# The content of this file is recreated by cloud init.
hostname: %atrium_hostname%.daag.alpha.grandlyon.com
debug_mode: false
letsencrypt_email: nrodet@alpha.grandlyon.com
letsencrypt_email: %atrium_letsencrypt_email%
tls_mode: Auto
apps: # optional : applications served by atrium
- id: $COUNT
name: Code
- id: 1
name: Code %atrium_count_index%
icon: web_asset
color: 4292030255
is_proxy: true
host: instance$COUNT-code
target: $PRIVATE_IP:8080
apps: # optional : applications served by atrium
- id: $COUNT
name: Desktop
host: code-%atrium_count_index%
target: localhost:8080
- id: 2
name: Desktop %atrium_count_index%
icon: web_asset
color: 4292030255
is_proxy: true
host: instance$COUNT-desktop
target: $PRIVATE_IP:8081
\ No newline at end of file
host: desktop-%atrium_count_index%
target: localhost:8081
\ No newline at end of file
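Review bot: This template duplicates the atrium.yaml content that cloud-init.yml already carries inline under `write_files`, and the header comment says cloud-init recreates it, but nothing on this page reads this copy (main.tf passes only cloud-init.yml through `file()`), so the two will drift the next time a `host:` or `target:` line changes. Keep one source — either have cloud-init.yml remain authoritative and say so here with `# Reference copy only: the instance is configured from the write_files entry in cloud-init.yml`, or load this file from Terraform and drop the inline copy. The same duplication applies to the code-server `config.yaml` section just below. Old and new lines are printed without markers, so which placeholder lines survive is inferred from the matching cloud-init.yml content.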
# The content of this file is recreated by cloud init.
bind-addr: 0.0.0.0:8080
auth: password
password: %user_password%
cert: false
\ No newline at end of file
cat<<EOF >> ./atrium.yaml
hostname: labo.alpha.grandlyon.com
debug_mode: false
letsencrypt_email: nrodet@alpha.grandlyon.com
apps: # optional : applications served by atrium
- id: "$COUNT"
name: Code
icon: web_asset
color: 4292030255
is_proxy: true
host: machine$COUNT-code
target: $PRIVATE_IP:8080
apps: # optional : applications served by atrium
- id: "$COUNT"
name: Desktop
icon: web_asset
color: 4292030255
is_proxy: true
host: machine$COUNT-desktop
target: $PRIVATE_IP:8081
EOF
#!/bin/bash
docker stop webtop
docker rm webtop
docker run -d \
--name=webtop \
--security-opt seccomp=unconfined \
-e PUID=0 \
-e PGID=0 \
-e TZ=Europe/Paris \
-e SUBFOLDER=/ \
-e KEYBOARD=fr-fr-azerty \
-e AUTO_LOGIN=false \
-p 80:3000 \
-v /root/webtop_data/:/config \
-v /var/run/docker.sock:/var/run/docker.sock \
--shm-size="8gb" \
--cap-add=NET_ADMIN \
--privileged \
--restart unless-stopped \
--sysctl net.ipv6.conf.all.disable_ipv6=0 \
lscr.io/linuxserver/webtop:ubuntu-xfce
############
# Terraform SSH key
############
resource "scaleway_account_ssh_key" "ssh_key" {
name = "FORGE alpha_project_manager"
public_key = var.SCW_SSH_PUB_KEY
}
############
# Public IP
############
......@@ -23,7 +14,7 @@ resource "scaleway_instance_ip" "public_ip" {
resource "scaleway_domain_record" "subdomain_record" {
count = var.INSTANCES_COUNT
dns_zone = "daag.alpha.grandlyon.com"
name = "lab-${count.index}-daag-${var.ENVIRONMENT}"
name = "${var.ENVIRONMENT}-${count.index}"
type = "A"
data = scaleway_instance_ip.public_ip[count.index].address
ttl = 3600
......@@ -32,7 +23,7 @@ resource "scaleway_domain_record" "subdomain_record" {
resource "scaleway_domain_record" "host_subdomain_record" {
count = var.INSTANCES_COUNT
dns_zone = "daag.alpha.grandlyon.com"
name = "*.lab-${count.index}-daag-${var.ENVIRONMENT}"
name = "*.${var.ENVIRONMENT}-${count.index}"
type = "A"
data = scaleway_instance_ip.public_ip[count.index].address
ttl = 3600
......@@ -44,29 +35,20 @@ resource "scaleway_domain_record" "host_subdomain_record" {
resource "scaleway_instance_security_group" "www" {
project_id = var.SCW_PROJECT_ID
name = "security-group-daag-lab-${var.ENVIRONMENT}"
name = "security-group-${var.ENVIRONMENT}"
inbound_default_policy = "drop"
outbound_default_policy = "accept"
inbound_rule {
action = "accept"
port = "22"
}
inbound_rule {
action = "accept"
port = "80"
port = "443"
}
inbound_rule {
action = "accept"
port = "8080"
port = "22"
}
inbound_rule {
action = "accept"
port = "443"
}
}
##############################
......@@ -76,48 +58,24 @@ resource "scaleway_instance_security_group" "www" {
resource "scaleway_instance_server" "user_instance_server" {
count = var.INSTANCES_COUNT
project_id = var.SCW_PROJECT_ID
name = "instance-${count.index}-daag-lab-${var.ENVIRONMENT}"
name = "instance${count.index}-${var.ENVIRONMENT}"
type = "DEV1-L"
image = "ubuntu_jammy"
ip_id = scaleway_instance_ip.public_ip[count.index].id
security_group_id = scaleway_instance_security_group.www.id
depends_on = [
scaleway_account_ssh_key.ssh_key,
scaleway_instance_security_group.www
]
}
user_data = {
atrium_count_index = count.index
atrium_hostname = scaleway_domain_record.subdomain_record[count.index].name
atrium_letsencrypt_email = var.LETSENCRYPT_EMAIL
user_password = var.USER_PASSWORD
cloud-init = file("../instance-scripts/cloud-init.yml")
}
resource "null_resource" "provisioner" {
count = var.INSTANCES_COUNT
depends_on = [
scaleway_instance_server.user_instance_server
scaleway_instance_ip.public_ip,
scaleway_instance_security_group.www,
scaleway_domain_record.host_subdomain_record,
scaleway_domain_record.subdomain_record
]
connection {
host = element(scaleway_instance_ip.public_ip.*.address, count.index)
type = "ssh"
user = "root"
private_key = var.SCW_SSH_PRIVATE_KEY
timeout = "2m"
}
// Install Rust
provisioner "remote-exec" {
inline = [
"apt-get update -y'",
"curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y'",
"source \"$HOME/.cargo/env\"",
]
}
// Install Code-server
provisioner "remote-exec" {
inline = [
"curl -fsSL https://code-server.dev/install.sh | sh",
"mkdir -p /root/.config/code-server/",
"echo 'bind-addr: 0.0.0.0:8080\nauth: password\npassword: yfB4W23G\ncert: false\n' > /root/.config/code-server/config.yaml",
"systemctl enable --now code-server@$USER"
]
}
}
\ No newline at end of file
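Review bot: `user_password = var.USER_PASSWORD` in the `user_data` map hands the service password to the instance through cloud metadata, which cloud-init.yml then reads back with `scw-userdata user_password`; the value therefore lands in plain text in the Terraform state and remains retrievable from the metadata service for the life of the instance, not only while cloud-init runs. If that is acceptable for a lab, record it on the block with `# user_password is kept in state and instance metadata; rotate it per environment`, and make sure the state backend is access-controlled. The `depends_on` entries for the two domain records are redundant, since `atrium_hostname` already references `scaleway_domain_record.subdomain_record`, and the zone suffix `daag.alpha.grandlyon.com` is now spelled both in `dns_zone` here and in cloud-init.yml's `hostname:` line — passing the full name from Terraform, `atrium_hostname = "${scaleway_domain_record.subdomain_record[count.index].name}.${scaleway_domain_record.subdomain_record[count.index].dns_zone}"`, leaves one copy. Old and new lines are printed without markers, so the surviving `depends_on` list is inferred from the removed `ssh_key` resource.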
......@@ -4,5 +4,5 @@
output "public_ip_address" {
value = scaleway_instance_ip.public_ip[*].address
sensitive = false
sensitive = true
}
\ No newline at end of file
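Review bot: `sensitive = true` on `public_ip_address` hides the addresses from plan output and plain `terraform output`, yet main.tf publishes the same addresses in public DNS A records (`subdomain_record`), so the flag adds no confidentiality and only forces `terraform output -json` to read them. If the intent is to keep CI job logs tidy, a description saying so will stop the next reader from reverting it: `description = "Instance public IPs (also published in DNS); sensitive only to keep CI logs clean"`. The output block is complete within the hunk.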
......@@ -18,16 +18,16 @@ variable "SCW_SECRET_KEY" {
description = "Scaleway secret key"
}
variable "SCW_SSH_PUB_KEY" {
variable "LETSENCRYPT_EMAIL" {
type = string
sensitive = true
description = "SSH public key from Gitlab agent installed on scaleway"
description = "User password for accessing services"
}
variable "SCW_SSH_PRIVATE_KEY" {
variable "USER_PASSWORD" {
type = string
sensitive = true
description = "SSH private key from Gitlab agent for remote-exec"
description = "User password for accessing services"
}
variable "INSTANCES_COUNT" {
......
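Review bot: The new `LETSENCRYPT_EMAIL` variable carries the description `"User password for accessing services"`, copied from `USER_PASSWORD`; it should read `description = "Email address registered with Let's Encrypt for TLS certificates"`. Its `sensitive = true` is inherited from the removed `SCW_SSH_PUB_KEY` block and hides the address in plan output, which makes a mistyped email harder to spot; drop it unless the address is considered confidential. Both variable blocks are complete within the hunk; the page shows no +/- markers, so which lines are new is inferred from the removed SSH key variables.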