feat: jenkins instance + eip + route53

* patch: update github actions workflow file tfvars * fix: github actions workflow set environment
csye7125-fall2023-group05 · Sep 26, 2023 · f1eb39a · f1eb39a
1 parent 79f7d09
commit f1eb39a
Show file tree

Hide file tree

Showing 11 changed files with 189 additions and 9 deletions.
diff --git a/.github/workflows/tf-validate.yml b/.github/workflows/tf-validate.yml
@@ -10,25 +10,30 @@ on:
 jobs:
   tf_validate:
     runs-on: ubuntu-latest
+    environment: ${{ vars.ENVIRONMENT }}
     name: Configure AWS `ghactions` IAM user
     steps:
       - uses: actions/checkout@v3
       - name: Create Terraform variables
         run: |
           cd root && touch prod.tfvars
-          echo REGION=${{ secrets.AWS_REGION }} >> prod.tfvars
-          echo ENV=${{ secrets.ENV }} >> prod.tfvars
-          echo VPC_CIDR_BLOCK=${{ secrets.VPC_CIDR_BLOCK }} >> prod.tfvars
-          echo PUBLIC_ROUTE_TABLE_CIDR_BLOCK=${{ secrets.PUBLIC_ROUTE_TABLE_CIDR_BLOCK }} >> prod.tfvars
-          echo PUBLIC_SUBNETS=${{ secrets.PUBLIC_SUBNETS }} >> prod.tfvars
-          echo PRIVATE_SUBNETS=${{ secrets.PRIVATE_SUBNETS }} >> prod.tfvars
+          echo region=${{ vars.AWS_REGION }} >> prod.tfvars
+          echo env=${{ vars.ENV }} >> prod.tfvars
+          echo vpc_cidr_block=${{ vars.VPC_CIDR_BLOCK }} >> prod.tfvars
+          echo public_route_table_cidr_block=${{ vars.PUBLIC_ROUTE_TABLE_CIDR_BLOCK }} >> prod.tfvars
+          echo public_subnets=${{ vars.PUBLIC_SUBNETS }} >> prod.tfvars
+          echo private_subnets=${{ vars.PRIVATE_SUBNETS }} >> prod.tfvars
+          echo root_account_ids=${{ secrets.AMI_USERS }} >> prod.tfvars
+          echo ami_prefix=${{ vars.AMI_USERS }} >> prod.tfvars
+          echo instance_type=${{vars.INSTANCE_TYPE}} >> prod.tfvars
+          echo domain_name=${{vars.DOMAIN_NAME}} >> prod.tfvars
 
       - name: Configure AWS Credentials
         uses: aws-actions/configure-aws-credentials@v4
         with:
           aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY }}
           aws-secret-access-key: ${{ secrets.AWS_SECRET_KEY }}
-          aws-region: ${{ secrets.AWS_REGION }}
+          aws-region: ${{ vars.AWS_REGION }}
 
       - name: Setup `Terraform`
         uses: hashicorp/setup-terraform@v2

diff --git a/modules/ec2/main.tf b/modules/ec2/main.tf
@@ -0,0 +1,90 @@
+data "aws_ami" "jenkins_ami" {
+  most_recent = true
+  owners      = var.root_account_ids
+
+  filter {
+    name   = "name"
+    values = [var.ami_prefix]
+  }
+
+  filter {
+    name   = "root-device-type"
+    values = ["ebs"]
+  }
+
+  filter {
+    name   = "virtualization-type"
+    values = ["hvm"]
+  }
+}
+
+resource "aws_security_group" "jenkins_sg" {
+  name        = "JenkinsServerSG"
+  description = "Allow TLS inbound traffic"
+  vpc_id      = var.vpc_id
+
+  ingress {
+    description = "HTTP"
+    from_port   = 80
+    to_port     = 80
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  ingress {
+    description = "HTTPS"
+    from_port   = 443
+    to_port     = 443
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  egress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  tags = {
+    Name = "JenkinsServerSG"
+  }
+}
+
+resource "aws_network_interface" "jenkins_server_nic" {
+  subnet_id       = var.public_subnets[0]
+  security_groups = [aws_security_group.jenkins_sg.id]
+
+  tags = {
+    Name = "jenkins_server_network_interface"
+  }
+}
+
+resource "aws_eip" "jenkins_server_eip" {
+  domain = "vpc"
+
+  # instance   = aws_instance.jenkins_server.id
+  network_interface = aws_network_interface.jenkins_server_nic.id
+  depends_on        = [var.igw_id]
+
+  # TODO: tags
+}
+
+resource "aws_instance" "jenkins_server" {
+  ami           = data.aws_ami.jenkins_ami.id
+  instance_type = var.instance_type
+
+  network_interface {
+    network_interface_id = aws_network_interface.jenkins_server_nic.id
+    device_index         = 0
+  }
+
+  user_data = base64encode("${templatefile("../modules/ec2/userdata.sh", {
+    DOMAIN_NAME = "jenkins.${var.domain_name}"
+  })}")
+
+  tags = {
+    Name = "Jenkins Server"
+  }
+}
+
diff --git a/modules/ec2/output.tf b/modules/ec2/output.tf
@@ -0,0 +1,3 @@
+output "jenkins_server_eip_public_ip" {
+  value = aws_eip.jenkins_server_eip.public_ip
+}
diff --git a/modules/ec2/userdata.sh b/modules/ec2/userdata.sh
@@ -0,0 +1,15 @@
+#!/bin/bash
+
+cd /etc/caddy/ || exit
+sudo mv Caddyfile Caddyfile.backup
+touch Caddyfile
+echo "${DOMAIN_NAME}" > domain.txt
+
+tee -a ./Caddyfile << END
+${DOMAIN_NAME} {
+  root * /usr/share/caddy
+  reverse_proxy localhost:8080
+}
+END
+
+sudo systemctl restart caddy.service
diff --git a/modules/ec2/variables.tf b/modules/ec2/variables.tf
@@ -0,0 +1,7 @@
+variable "root_account_ids" {}
+variable "ami_prefix" {}
+variable "instance_type" {}
+variable "public_subnets" {}
+variable "domain_name" {}
+variable "igw_id" {}
+variable "vpc_id" {}
diff --git a/modules/route53/main.tf b/modules/route53/main.tf
@@ -0,0 +1,12 @@
+
+data "aws_route53_zone" "jenkins" {
+  name = var.domain_name
+}
+
+resource "aws_route53_record" "www" {
+  zone_id = data.aws_route53_zone.jenkins.zone_id
+  name    = "jenkins.${var.domain_name}"
+  type    = "A"
+  ttl     = 300
+  records = [var.jenkins_server_eip_public_ip]
+}
diff --git a/modules/route53/output.tf b/modules/route53/output.tf
diff --git a/modules/route53/variables.tf b/modules/route53/variables.tf
@@ -0,0 +1,2 @@
+variable "domain_name" {}
+variable "jenkins_server_eip_public_ip" {}
diff --git a/root/example.tfvars b/root/example.tfvars
@@ -2,5 +2,9 @@ region                        = ""
 env                           = ""
 vpc_cidr_block                = ""
 public_route_table_cidr_block = ""
-public_subnets                = [""]
-private_subnets               = [""]
+public_subnets                = []
+private_subnets               = []
+root_account_ids              = []
+ami_prefix                    = ""
+instance_type                 = ""
+domain_name                   = ""
diff --git a/root/main.tf b/root/main.tf
@@ -7,3 +7,20 @@ module "vpc" {
   public_subnets                = var.public_subnets
   private_subnets               = var.private_subnets
 }
+
+module "ec2" {
+  source           = "../modules/ec2"
+  root_account_ids = var.root_account_ids
+  ami_prefix       = var.ami_prefix
+  instance_type    = var.instance_type
+  public_subnets   = module.vpc.public_subnets
+  domain_name      = var.domain_name
+  igw_id           = module.vpc.igw_id
+  vpc_id           = module.vpc.vpc_id
+}
+
+module "route_53" {
+  source                       = "../modules/route53"
+  domain_name                  = var.domain_name
+  jenkins_server_eip_public_ip = module.ec2.jenkins_server_eip_public_ip
+}
diff --git a/root/variables.tf b/root/variables.tf
@@ -32,6 +32,31 @@ variable "private_subnets" {
   type        = list(string)
 }
 
+variable "root_account_ids" {
+  description = "Karan, Sid, Rishab ROOT Account ids"
+  type        = list(string)
+  default     = ["835431937788", "547416033541", "078164504089"]
+}
+
+variable "ami_prefix" {
+  description = "AMI name prefix"
+  type        = string
+  default     = "CSYE7125-jenkins-*"
+}
+
+variable "instance_type" {
+  description = "ec2 instance type"
+  type        = string
+  default     = "t2.micro"
+}
+
+variable "domain_name" {
+  description = "hosted zone name"
+  type        = string
+  default     = "domain.tld"
+}
+
+
 # variable "profile" {
 #   description = "AWS profile"
 #   type        = string