Merge pull request #50 from AET-DevOps25/28-iac-automate-ec2-provisioning-and-deployment-with-terraform-and-ansible

28 iac automate ec2 provisioning and deployment with terraform and ansible

Author: GravityDarkLab

.github/workflows/deploy_to_aws.yml

@@ -0,0 +1,142 @@
+name: Deploy to AWS
+
+on:
+  workflow_call:
+    inputs:
+      ec2_ip:
+        required: true
+        type: string
+  workflow_dispatch:
+    inputs:
+      ec2_ip:
+        description: 'EC2 public IP to deploy to'
+        required: true
+        type: string
+
+permissions:
+  contents: read
+  packages: read
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    environment:
+      name: AWS
+      url: 'https://client.${{ github.event.inputs.ec2_ip || inputs.ec2_ip }}.nip.io'
+
+    steps:
+      - name: Checkout Code
+        uses: actions/checkout@v4
+     
+      - name: Test SSH, disk space & Docker registry
+        uses: appleboy/ssh-action@v1.0.3
+        with:
+          host: ${{ github.event.inputs.ec2_ip || inputs.ec2_ip }}
+          username: ${{ vars.AWS_EC2_USER }}
+          key: ${{ secrets.AWS_EC2_PRIVATE_KEY }}
+          script: |
+            set -e
+            echo "Testing disk space:"
+            df -h /
+            echo "Testing Docker:"
+            docker ps
+            echo "Testing Docker registry login:"
+            echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin
+            echo "All initial checks passed."
+
+      - name: Copy Docker Compose File From Repo to the EC2 Instance
+        uses: appleboy/scp-action@v0.1.7
+        with:
+          host: ${{ github.event.inputs.ec2_ip || inputs.ec2_ip }}
+          username: ${{ vars.AWS_EC2_USER }}
+          key: ${{ secrets.AWS_EC2_PRIVATE_KEY }}
+          source: "./docker-compose.prod.yml"
+          target: /home/${{ vars.AWS_EC2_USER }}
+    
+      - name: Get latest tag (or use 1.0-alpha as fallback)
+        id: get_tag
+        run: |
+          TAG=$(git describe --tags --abbrev=0 2>/dev/null || echo "1.0-alpha")
+          echo "tag=$TAG" >> $GITHUB_OUTPUT
+          echo "Latest tag is: $TAG"
+          
+      - name: Prepare Environment File (.env.prod)
+        uses: appleboy/ssh-action@v1.0.3
+        with:
+          host: ${{ github.event.inputs.ec2_ip || inputs.ec2_ip }}
+          username: ${{ vars.AWS_EC2_USER }}
+          key: ${{ secrets.AWS_EC2_PRIVATE_KEY }}
+          script: |
+            set -e
+            cd /home/${{ vars.AWS_EC2_USER }}
+            rm -f .env.prod
+            echo "Creating .env.prod file..."
+            echo "MONGODB_CONTAINER_NAME=skill-forge-mongo-db" >> .env.prod
+            echo "CLIENT_CONTAINER_NAME=skill-forge-client" >> .env.prod
+            echo "SERVER_CONTAINER_NAME=skill-forge-server" >> .env.prod
+            echo "GENAI_CONTAINER_NAME=skill-forge-genai" >> .env.prod
+            echo "WEAVIATE_CONTAINER_NAME=skill-forge-weaviate" >> .env.prod
+
+            echo "MONGODB_EXPOSED_PORT=27018" >> .env.prod
+            echo "MONGODB_DATABASE=${{ vars.MONGODB_DATABASE }}" >> .env.prod
+            echo "MONGODB_USERNAME=${{ secrets.MONGODB_USERNAME }}" >> .env.prod
+            echo "MONGODB_PASSWORD=${{ secrets.MONGODB_PASSWORD }}" >> .env.prod
+
+            echo "SPRING_PROFILE_ACTIVES=docker" >> .env.prod
+            echo "SERVER_PORT_GATEWAY=8081" >> .env.prod
+            echo "SERVER_PORT_USER=8082" >> .env.prod
+            echo "SERVER_PORT_COURSES=8083" >> .env.prod
+
+            echo "JWT_SECRET=${{ secrets.JWT_SECRET }}" >> .env.prod
+            echo "JWT_EXPIRATION_MS=${{ vars.JWT_EXPIRATION_MS }}" >> .env.prod
+
+            echo "VITE_PORT=3000" >> .env.prod
+            echo "VITE_APP_NAME=SkillForge.ai" >> .env.prod
+            echo "VITE_APP_VERSION=${{ steps.get_tag.outputs.tag }}" >> .env.prod
+            echo "VITE_API_BASE_URL=/api/" >> .env.prod
+            echo "VITE_API_VERSION=v1" >> .env.prod
+            echo "BUILD_MODE=production" >> .env.prod
+
+            echo "WEAVIATE_HOST=weaviate-db" >> .env.prod
+            echo "WEAVIATE_EXPOSED_HTTP_PORT=1234" >> .env.prod
+            echo "WEAVIATE_EXPOSED_GRPC_PORT=50051" >> .env.prod
+
+            echo "GENAI_APP_NAME=skill-forge-genai" >> .env.prod
+            echo "GENAI_APP_VERSION=${{ steps.get_tag.outputs.tag }}" >> .env.prod
+            echo "GENAI_PORT=8888" >> .env.prod
+            echo "CORS_ALLOW_ORIGINS=*" >> .env.prod
+            echo "IS_DEV_MODE=0" >> .env.prod
+            echo "UVICORN_WORKERS=${{ vars.UVICORN_WORKERS }}" >> .env.prod
+            echo "LLM_PROVIDER=${{ vars.LLM_PROVIDER }}" >> .env.prod
+            echo "OPENAI_API_BASE=${{ vars.OPENAI_API_BASE }}" >> .env.prod
+            echo "OPENAI_API_KEY=${{ secrets.OPENAI_API_KEY }}" >> .env.prod
+            echo "OPENAI_MODEL=${{ vars.OPENAI_MODEL }}" >> .env.prod
+
+            echo "CLIENT_HOST=client.${{ github.event.inputs.ec2_ip || inputs.ec2_ip }}.nip.io" >> .env.prod
+            echo "SERVER_HOST=api.${{ github.event.inputs.ec2_ip || inputs.ec2_ip }}.nip.io" >> .env.prod
+            echo "PUBLIC_API_URL=https://api.${{ github.event.inputs.ec2_ip || inputs.ec2_ip }}.nip.io/api" >> .env.prod
+
+            chmod 600 .env.prod
+            echo ".env.prod file created."
+
+      - name: SSH to the EC2 Instance and Start Docker Compose
+        uses: appleboy/ssh-action@v1.0.3
+        timeout-minutes: 10
+        with:
+          host: ${{ github.event.inputs.ec2_ip || inputs.ec2_ip }}
+          username: ${{ vars.AWS_EC2_USER }}
+          key: ${{ secrets.AWS_EC2_PRIVATE_KEY }}
+          script: |
+            set -e
+            cd /home/${{ vars.AWS_EC2_USER }}
+            echo " >>> Logging into Docker registry..."
+            echo ${{ secrets.GITHUB_TOKEN }} | docker login ghcr.io -u ${{ github.actor }} --password-stdin
+            echo " >>> Starting Docker Compose..."
+            if ! docker compose -f docker-compose.prod.yml --env-file .env.prod up --pull=always -d; then
+              echo "❌ Docker Compose failed. Showing service status:"
+              docker compose -f docker-compose.prod.yml ps
+              echo "-----------------------------------------"
+              echo "------------ Recent logs ----------------"
+              docker compose -f docker-compose.prod.yml logs --tail=40
+              exit 1
+            fi

.github/workflows/docker-build-push.yml

@@ -2,9 +2,14 @@ name: Build and Push Docker Images
 
 on:
   push:
-    branches: [main]
+    branches: [main, test]
+    paths:
+      - 'client/**'
+      - 'server/skillforge-gateway/**'
+      - 'server/skillforge-user/**'
+      - 'genai/**'
   pull_request:
-    branches: [main]
+    branches: [main, test]
     paths:
       - 'client/**'
       - 'server/skillforge-gateway/**'
@@ -97,7 +102,7 @@ jobs:
         with:
           context: ${{ matrix.path }}
           file: ${{ matrix.path }}/Dockerfile
-          push: true
+          push: ${{ github.ref == 'refs/heads/main' || github.ref == 'refs/heads/test' }}
           tags: ghcr.io/aet-devops25/team-git-it-together/${{ matrix.image }}:${{ steps.set_tag.outputs.tag }}
           cache-from: type=registry,ref=ghcr.io/aet-devops25/team-git-it-together/${{ matrix.image }}-cache
           cache-to: type=registry,ref=ghcr.io/aet-devops25/team-git-it-together/${{ matrix.image }}-cache,mode=max

…ithub/workflows/deploy_docker_to_aws.yml …orkflows/manual_docker_deploy_to_aws.yml.github/workflows/deploy_docker_to_aws.yml renamed to .github/workflows/manual_docker_deploy_to_aws.yml .github/workflows/deploy_docker_to_aws.yml renamed to .github/workflows/manual_docker_deploy_to_aws.yml

@@ -1,3 +1,8 @@
+# This workflow performs a manual deployment of Docker images to an AWS EC2 instance
+# via SSH/SCP. It is intended for legacy/manual operations. For full automation,
+# see the automated deployment workflow (.github/workflows/auto_docker_deploy_to_aws.yml).
+
+
 name: Deploy Docker Images
 
 on:

.github/workflows/provision_and_configure.yml

@@ -0,0 +1,91 @@
+name: Provision and Configure AWS
+
+on:
+  push:
+      branches:
+        - main
+      paths:
+        - 'infra/**'
+  workflow_dispatch:
+    inputs:
+      AWS_ACCESS_KEY_ID:
+        description: 'AWS Access Key ID'
+        required: true
+        type: string
+      AWS_SECRET_ACCESS_KEY:
+        description: 'AWS Secret Access Key'
+        required: true
+        type: string
+      AWS_REGION:
+        description: 'AWS Region (e.g. us-east-1)'
+        required: true
+        default: 'us-east-1'
+        type: string
+permissions:
+  contents: read
+  packages: read
+  id-token: write
+jobs:
+  provision_and_configure:
+    runs-on: ubuntu-latest
+    outputs:
+      ec2_ip: ${{ steps.get_public_ip.outputs.ec2_ip }}
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      # Set up AWS credentials for Terraform
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-access-key-id: ${{ github.event.inputs.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ github.event.inputs.AWS_SECRET_ACCESS_KEY }}
+          aws-region: ${{ github.event.inputs.AWS_REGION }}
+
+      # Terraform: Init, Plan, Apply
+      - name: Terraform Init
+        run: terraform -chdir=infra/terraform init
+
+      - name: Terraform Plan
+        run: terraform -chdir=infra/terraform plan
+
+      - name: Terraform Apply
+        run: terraform -chdir=infra/terraform apply -auto-approve
+
+      # Output EC2 Public IP for use by deploy workflow
+      - name: Get EC2 Public IP
+        id: get_public_ip
+        run: |
+          echo "The EC2 has the following public IP: $(terraform -chdir=infra/terraform output -raw public_ip)"
+          echo "ec2_ip=$(terraform -chdir=infra/terraform output -raw public_ip)" >> $GITHUB_OUTPUT
+
+      # Write SSH key for Ansible
+      - name: Write SSH key
+        run: |
+          echo "${{ secrets.AWS_EC2_PRIVATE_KEY }}" > ~/.ssh/id_rsa
+          chmod 600 ~/.ssh/id_rsa
+
+      # Write inventory for Ansible using the new IP
+      - name: Write inventory.ini for Ansible
+        run: |
+          echo "[git_it_together]" > infra/ansible/inventory.ini
+          echo "${{ steps.get_public_ip.outputs.ec2_ip }} ansible_user=ubuntu ansible_ssh_private_key_file=~/.ssh/id_rsa" >> infra/ansible/inventory.ini
+
+      # Add host to known_hosts to avoid SSH prompts
+      - name: Add EC2 to known_hosts
+        run: |
+          ssh-keyscan ${{ steps.get_public_ip.outputs.ec2_ip }} >> ~/.ssh/known_hosts
+
+      # Run Ansible Playbook for server configuration
+      - name: Configure EC2 with Ansible
+        working-directory: infra/ansible
+        run: |
+          ansible-playbook -i inventory.ini docker-setup.yml
+
+      - name: Trigger Deploy Workflow
+        uses: peter-evans/workflow-dispatch@v1
+        with:
+            workflow: "deploy_to_aws.yml"
+            ref: ${{ github.ref }}
+            inputs: |
+              ec2_ip: "${{ steps.get_public_ip.outputs.ec2_ip }}"

.gitignore

@@ -389,3 +389,5 @@ sketch
 genai/tmp/
 genai/crawled_content.log
 genai/.env
+
+.ansible/

infra/README.md

@@ -0,0 +1,113 @@
+# 🚀 git-it-together Infrastructure Automation
+
+Provision and configure cloud infrastructure for the git-it-together teams's platform using **Terraform** (for AWS provisioning) and **Ansible** (for configuration management).
+
+---
+
+## 🧰 What’s Inside?
+
+- **Terraform:**  
+  - Provisions AWS resources (VPC, subnet, EC2 instance, Elastic IP, security group, etc.)
+- **Ansible:**  
+  - Installs and configures Docker & Docker Compose on the provisioned EC2 instance
+  - Adds the `ubuntu` user to the `docker` group for passwordless Docker commands
+
+---
+
+## 📂 Project Structure
+
+```
+
+infra/
+├── terraform/
+│   ├── main.tf
+│   ├── variables.tf
+│   ├── outputs.tf
+│   ├── terraform.tfvars.example
+│   ├── README.md
+│   └── .gitignore
+└── ansible/
+│   ├── playbook.yml
+│   ├── inventory.example.ini
+│   ├── README.md
+│   └── .gitignore
+└── README.md
+
+````
+
+---
+
+## 🚦 Prerequisites
+
+- [Terraform](https://www.terraform.io/downloads)
+- [Ansible](https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html)
+- AWS account and credentials (for Terraform)
+- SSH private key for your EC2 instance
+
+---
+
+## 🏗️ Deploying Infrastructure with Terraform
+
+1. **Configure Variables:**
+
+   - Copy `terraform.tfvars.example` to `terraform.tfvars` and fill in required values, e.g., `key_name`, `eip_allocation_id`.
+
+2. **Initialize Terraform:**
+
+   ```bash
+   terraform -chdir=terraform init
+````
+
+3. **Preview Infrastructure Changes:**
+
+   ```bash
+   terraform -chdir=terraform plan
+   ```
+
+4. **Apply Infrastructure Changes (DO NOT RUN ON PROD)**
+
+   ```bash
+   terraform -chdir=terraform apply
+   ```
+
+---
+
+## 🛠️ Server Configuration with Ansible
+
+1. **Prepare your Ansible inventory:**
+
+   * Copy `inventory.example.ini` to `inventory.ini`.
+   * Add your EC2 public IP (from Terraform output):
+
+     ```
+     [git_it_together]
+     <EC2_PUBLIC_IP> ansible_user=ubuntu ansible_ssh_private_key_file=./labuser.pem
+     ```
+   * Make sure your SSH key (`labuser.pem`) is present and has `chmod 600` permissions.
+
+2. **Dry Run the Playbook:**
+
+   ```bash
+   ansible-playbook -i inventory.ini docker-setup.yml --check
+   ```
+
+3. **(Optional) Run the Playbook (DO NOT RUN ON PROD):**
+
+   ```bash
+   ansible-playbook -i inventory.ini docker-setup.yml
+   ```
+
+---
+
+## 🧑‍💻 Automation / CI/CD
+
+* In CI pipelines, the `terraform.tfvars` file will be dynamically generated with environment-specific values.
+* Ansible playbooks can be triggered post-Terraform deployment to configure the infrastructure.
+* The Ansible `inventory.ini` will also be dynamically generated based on the Terraform output and environment variables on GitHub.
+
+---
+
+## 📚 References
+
+* [Terraform AWS Provider](https://registry.terraform.io/providers/hashicorp/aws/latest/docs)
+* [Ansible Docs](https://docs.ansible.com/ansible/latest/index.html)