Merge pull request #5 from Otus-DevOps-2018-09/terraform-1
Terraform 1
Showing
10 changed files
with
238 additions
and
4 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1 +1,6 @@ | ||
variables.json | ||
*.tfstate | ||
*.tfstate.*.backup | ||
*.tfstate.backup | ||
*.tfvars | ||
.terraform/ |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
#!/bin/bash | ||
set -e | ||
|
||
APP_DIR=${1:-$HOME} | ||
|
||
git clone -b monolith https://github.com/express42/reddit.git $APP_DIR/reddit | ||
cd $APP_DIR/reddit | ||
bundle install | ||
|
||
sudo mv /tmp/puma.service /etc/systemd/system/puma.service | ||
sudo systemctl start puma | ||
sudo systemctl enable puma |
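Review bot: The `git clone -b monolith …` line tracks a mutable branch, so `bundle install` and the service start run whatever that branch and its Gemfile resolve to at provision time; checking out a reviewed commit after the clone (`git -C "$APP_DIR/reddit" checkout <COMMIT_SHA_PLACEHOLDER>`) would make the deployed code reproducible. `$APP_DIR` is unquoted in both the clone and the `cd`, so a path containing spaces or glob characters breaks the script; write `"$APP_DIR/reddit"`. The unit file is taken from world-writable `/tmp` and moved into `/etc/systemd/system` as root, so any other local account could swap it before the `mv`. Uploading it to a directory only the provisioning user can write, and installing it with `sudo install -o root -g root -m 0644 …`, keeps the ownership and mode explicit.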
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
[Unit] | ||
Description=Puma HTTP Server | ||
After=network.target | ||
|
||
[Service] | ||
Type=simple | ||
User=appuser | ||
WorkingDirectory=/home/appuser/reddit | ||
ExecStart=/bin/bash -lc 'puma' | ||
Restart=always | ||
|
||
[Install] | ||
WantedBy=multi-user.target |
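Review bot: The `[Service]` section runs the internet-facing app as `appuser`, the same account the Terraform `connection` block uses for SSH provisioning, and sets no sandboxing, so a compromise of the web process gets that user's full home directory and login environment. A dedicated service account plus a few hardening directives would narrow this, for example `NoNewPrivileges=true`, `PrivateTmp=true` and `ProtectSystem=full`. `WorkingDirectory=/home/appuser/reddit` is also hard-coded, while the deploy script accepts the install directory as an argument, so the two disagree whenever that argument is used. `ExecStart=/bin/bash -lc 'puma'` depends on the login profile to find the binary; a comment saying why a login shell is needed would help the next reader.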
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,59 @@ | ||
# Группа ВМ с приложениями | ||
resource "google_compute_instance_group" "reddit-app-inst-group" { | ||
name = "reddit-app-inst-group-name" | ||
|
||
instances = [ | ||
"${google_compute_instance.app.*.self_link}", | ||
] | ||
|
||
named_port { | ||
name = "puma-9292" | ||
port = "9292" | ||
} | ||
|
||
zone = "${var.zone}" | ||
} | ||
|
||
# Сервис проверки "здоровья" нашего приложения. То, что обеспечивает отказоустойчивость. | ||
resource "google_compute_http_health_check" "reddit-app-health-check" { | ||
name = "reddit-app-health-check-name" | ||
request_path = "/" | ||
check_interval_sec = 1 | ||
timeout_sec = 1 | ||
port = "9292" | ||
} | ||
|
||
# То, что перенаправляет пользователя на определённый бэкэнд, учитывая проверку "здоровья" инстанса. | ||
resource "google_compute_backend_service" "reddit-app-backend-service" { | ||
name = "reddit-app-backend-service-name" | ||
port_name = "puma-9292" | ||
protocol = "HTTP" | ||
timeout_sec = 3 | ||
|
||
health_checks = [ | ||
"${google_compute_http_health_check.reddit-app-health-check.self_link}", | ||
] | ||
|
||
backend = { | ||
group = "${google_compute_instance_group.reddit-app-inst-group.self_link}" | ||
} | ||
} | ||
|
||
# То, по чьей конфигурации target https proxy перенаправляет ссылки/модули приложения (GET звпросы) на бэкэнд сервисы. | ||
resource "google_compute_url_map" "reddit-app-urlmap" { | ||
name = "reddit-app-urlmap-name" | ||
default_service = "${google_compute_backend_service.reddit-app-backend-service.self_link}" | ||
} | ||
|
||
# Перенаправляет запросы в соответствии с url map. | ||
resource "google_compute_target_http_proxy" "reddit-app-target-proxy" { | ||
name = "reddit-app-target-proxy-name" | ||
url_map = "${google_compute_url_map.reddit-app-urlmap.self_link}" | ||
} | ||
|
||
# То, что торчит наружу. Ресурс, имеющий IP-адрес и перенаправляющий запросы. | ||
resource "google_compute_global_forwarding_rule" "reddit-app-fw-rule" { | ||
name = "reddit-app-fw-rule-name" | ||
target = "${google_compute_target_http_proxy.reddit-app-target-proxy.self_link}" | ||
port_range = "80" | ||
} |
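Review bot: The front end built by `reddit-app-target-proxy` and `reddit-app-fw-rule` is plain HTTP on `port_range = "80"`, so anything users send through the load balancer (credentials included, if the app has a login form) crosses the network unencrypted. The comment above `reddit-app-urlmap` already refers to a "target https proxy", which does not match the `google_compute_target_http_proxy` resource. Consider `google_compute_target_https_proxy` with a certificate resource and `port_range = "443"`, or add a comment stating that cleartext HTTP is accepted for this exercise. The health check sets `check_interval_sec = 1` and `timeout_sec = 1` with no thresholds, so a single slow response may be enough to flap a backend out of rotation; a short comment explaining the values, or looser ones, would help.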
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,75 @@ | ||
provider "google" { | ||
version = "1.4.0" | ||
project = "${var.project}" | ||
region = "${var.region}" | ||
} | ||
|
||
resource "google_compute_instance" "app" { | ||
name = "reddit-app-${count.index}" | ||
machine_type = "g1-small" | ||
zone = "${var.zone}" | ||
tags = ["reddit-app"] | ||
count = "${var.app_count}" | ||
|
||
# определение загрузочного диска | ||
boot_disk { | ||
initialize_params { | ||
image = "${var.disk_image}" | ||
} | ||
} | ||
|
||
# Добавляем ключ | ||
metadata { | ||
ssh-keys = "appuser:${file(var.public_key_path)}" | ||
} | ||
|
||
# определение сетевого интерфейса | ||
network_interface { | ||
# сеть, к которой присоединить данный интерфейс | ||
network = "default" | ||
|
||
# использовать ephemeral IP для доступа из Интернет | ||
access_config {} | ||
} | ||
|
||
connection { | ||
type = "ssh" | ||
user = "appuser" | ||
agent = false | ||
private_key = "${file("${var.private_key_path}")}" | ||
} | ||
|
||
provisioner "file" { | ||
source = "files/puma.service" | ||
destination = "/tmp/puma.service" | ||
} | ||
|
||
provisioner "remote-exec" { | ||
script = "files/deploy.sh" | ||
} | ||
} | ||
|
||
resource "google_compute_project_metadata" "app" { | ||
metadata { | ||
ssh-keys = "appuser1:${file(var.public_key_path)} appuser2:${file(var.public_key_path)} appuser3:${file(var.public_key_path)}" | ||
} | ||
} | ||
|
||
resource "google_compute_firewall" "firewall_puma" { | ||
name = "allow-puma-default" | ||
|
||
# Название сети, в которой действует правило | ||
network = "default" | ||
|
||
# Какой доступ разрешить | ||
allow { | ||
protocol = "tcp" | ||
ports = ["9292"] | ||
} | ||
|
||
# Каким адресам разрешаем доступ | ||
source_ranges = ["0.0.0.0/0"] | ||
|
||
# Правило применимо для инстансов с перечисленными тэгами | ||
target_tags = ["reddit-app"] | ||
} |
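Review bot: `firewall_puma` allows tcp/9292 from `0.0.0.0/0` to every `reddit-app` instance, and each instance also gets a public address through `access_config {}`, so clients can reach the backends directly and bypass the load balancer added in this same commit. If direct access is not required, restrict the rule to the Google front-end and health-check ranges, `source_ranges = ["130.211.0.0/22", "35.191.0.0/16"]`. Separately, `google_compute_project_metadata` manages the project's metadata as a whole, so applying it can drop keys that were set outside Terraform. It also installs the same public key for `appuser1`, `appuser2` and `appuser3` on every VM in the project, joined by spaces where the `ssh-keys` value expects one entry per line. A comment stating that this is deliberate, or `google_compute_project_metadata_item` if the pinned provider version offers it, would make the intent and blast radius clearer.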
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
output "app_external_ip" { | ||
value = "${google_compute_instance.app.*.network_interface.0.access_config.0.assigned_nat_ip}" | ||
} | ||
|
||
output "lb_external_ip" { | ||
value = "${google_compute_global_forwarding_rule.reddit-app-fw-rule.ip_address}" | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,6 @@ | ||
project = "your_project_id" | ||
public_key_path = "~/.ssh/appuser.pub" | ||
private_key_path = "~/.ssh/appuser" | ||
disk_image = "reddit-base" | ||
region = "europe-west1" | ||
app_count = "4" |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,30 @@ | ||
variable project { | ||
description = "Project ID" | ||
} | ||
|
||
variable region { | ||
description = "Region" | ||
default = "europe-west1" | ||
} | ||
|
||
variable "zone" { | ||
default = "europe-west1-b" | ||
description = "zone for VM" | ||
} | ||
|
||
variable public_key_path { | ||
description = "Path to the public key used for ssh access" | ||
} | ||
|
||
variable "private_key_path" { | ||
description = "Path to the private key used for ssh access" | ||
} | ||
|
||
variable disk_image { | ||
description = "Disk image" | ||
} | ||
|
||
variable "app_count" { | ||
description = "instances quantity for LB" | ||
default = "1" | ||
} |
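Review bot: The variable declarations mix quoted and unquoted names (`variable project` next to `variable "zone"`), and none of them declares a `type`; quoting all names and adding types keeps the file consistent. `app_count` defaults to the string `"1"`, yet it feeds `count` in the instance resource, so a non-numeric value only fails at plan time. The `private_key_path` description could also say that the key is read on the machine running Terraform and used only for the provisioner connection, so that readers do not commit a real key path or key material alongside the example tfvars file.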