28 set up terraform and ansible scripts

client/README.md

@@ -31,6 +31,7 @@ You can check out [the Next.js GitHub repository](https://github.com/vercel/next
 
 ## Deploy on Vercel
 
+
 The easiest way to deploy your Next.js app is to use the [Vercel Platform](https://vercel.com/new?utm_medium=default-template&filter=next.js&utm_source=create-next-app&utm_campaign=create-next-app-readme) from the creators of Next.js.
 
 Check out our [Next.js deployment documentation](https://nextjs.org/docs/app/building-your-application/deploying) for more details.

compose.aws.yml

@@ -23,8 +23,17 @@ services:
   server:
     image: ghcr.io/aet-devops25/team-server-down/server:latest
     environment:
-      - SPRING_PROFILES_ACTIVE=docker
+      DB_HOST: ${DB_HOST:-db}
+      DB_PORT: ${DB_PORT:-5432}
+      DB_NAME: ${DB_NAME:-postgres}
+      DB_USER: ${DB_USER:-postgres}
+      DB_PASSWORD: ${DB_PASSWORD:-postgres}
+    depends_on:
+      db:
+        condition: service_healthy
     restart: unless-stopped
+    networks:
+      - server
     labels:
       - "traefik.enable=true"
       - "traefik.http.routers.server.rule=Host(`${SERVER_HOST}`)"
@@ -47,4 +56,28 @@ services:
       - "traefik.http.routers.client.tls.certresolver=letsencrypt"
       - "traefik.http.middlewares.client-compress.compress=true"
       - "traefik.http.routers.client.middlewares=client-compress"
-      - "traefik.http.routers.client.priority=1"
+      - "traefik.http.routers.client.priority=1"
+
+  db:
+    image: postgres:16.2-bullseye
+    restart: unless-stopped
+    environment:
+      POSTGRES_USER: postgres
+      POSTGRES_PASSWORD: postgres
+    healthcheck:
+      test: [ "CMD-SHELL", "sh -c 'pg_isready -U postgres -d postgres'" ]
+      interval: 10s
+      timeout: 3s
+      retries: 3
+    ports:
+      - "5432:5432"
+    volumes:
+      - db-data:/var/lib/postgresql/data
+    networks:
+      - server
+
+volumes:
+  db-data:
+
+networks:
+  server:

infrastructure/ansible/playbook.yml

@@ -0,0 +1,108 @@
+- hosts: all
+  become: true
+  vars:
+    container_count: 4
+    default_container_name: docker
+    default_container_image: ubuntu
+    default_container_command: sleep 1
+
+- name: Install Docker, Docker Compose
+  hosts: all
+  become: true
+  tasks:
+    - name: Install aptitude
+      apt:
+        name: aptitude
+        state: latest
+        update_cache: true
+
+    - name: Install required system packages
+      apt:
+        pkg:
+          - apt-transport-https
+          - ca-certificates
+          - curl
+          - software-properties-common
+          - python3-pip
+          - virtualenv
+          - python3-setuptools
+        state: latest
+        update_cache: true
+
+    - name: Add Docker GPG apt Key
+      apt_key:
+        url: https://download.docker.com/linux/ubuntu/gpg
+        state: present
+
+    - name: Add Docker Repository
+      apt_repository:
+        repo: deb https://download.docker.com/linux/ubuntu focal stable
+        state: present
+
+    - name: Update apt and install docker-ce
+      apt:
+        name: docker-ce
+        state: latest
+        update_cache: true
+
+    - name: Install Docker module for Python
+      apt:
+        name: python3-docker
+        state: present
+      become: true
+
+    - name: Start docker daemon
+      systemd:
+        name: docker
+        state: started
+
+- name: Create a new Linux User
+  hosts: all
+  become: yes
+  tasks:
+    - name: Create new Linux User
+      user:
+        name: teamserverdown
+        groups: adm,docker
+        append: yes
+
+    - name: Reconnect to server session
+      meta: reset_connection
+
+- name: Start Project
+  hosts: all
+  become: yes
+  tasks:
+    - name: Clone GitHub repository
+      git:
+        repo: https://github.com/AET-DevOps25/team-server-down
+        dest: /home/ubuntu/team-server-down/
+        clone: yes
+        update: yes
+
+    - name: Get the public IP address of the network.
+      uri:
+        url: https://api.ipify.org?format=json
+        method: Get
+      changed_when: false
+      register: public_ip
+      until: public_ip.status == 200
+      retries: 6
+      delay: 10
+
+    - name: Create .env.prod
+      ansible.builtin.shell: |
+        cd team-server-down
+        rm .env.prod
+        touch .env.prod
+        echo "CLIENT_HOST=client.{{ public_ip.json.ip }}.nip.io" >> .env.prod
+        echo "SERVER_HOST=api.{{ public_ip.json.ip }}.nip.io" >> .env.prod
+        echo "PUBLIC_API_URL=https://api.{{ public_ip.json.ip }}.nip.io/api" >> .env.prod
+
+    - name: Start Container
+      community.docker.docker_compose_v2:
+        project_src: /home/ubuntu/team-server-down
+        files: compose.aws.yml
+        env_files: .env.prod
+      register: output
+

infrastructure/terraform/.gitignore

@@ -0,0 +1,34 @@
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+crash.*.log
+
+# Exclude all .tfvars files, which are likely to contain sensitive data, such as
+# password, private keys, and other secrets. These should not be part of version
+# control as they are data points which are potentially sensitive and subject
+# to change depending on the environment.
+*.tfvars
+*.tfvars.json
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Include override files you do wish to add to version control using negated pattern
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc

infrastructure/terraform/main.tf

@@ -0,0 +1,131 @@
+provider "aws" {
+  region = "us-east-1"
+}
+
+variable vpc_cidr_block {}
+variable subnet_1_cidr_block {}
+variable avail_zone {}
+variable env_prefix {}
+variable instance_type {}
+variable ssh_key {}
+# variable my_ip {}
+variable ssh_private_key{}
+
+resource "aws_vpc" "teamserverdown-vpc" {
+  cidr_block = var.vpc_cidr_block
+  tags = {
+    Name = "${var.env_prefix}-vpc"
+  }
+}
+
+resource "aws_subnet" "teamserverdown-subnet-1" {
+  vpc_id = aws_vpc.teamserverdown-vpc.id
+  cidr_block = var.subnet_1_cidr_block
+  availability_zone = var.avail_zone
+  tags = {
+    Name = "${var.env_prefix}-subnet-1"
+  }
+}
+
+resource "aws_security_group" "teamserverdown-sg" {
+  name   = "teamserverdown-sg"
+  vpc_id = aws_vpc.teamserverdown-vpc.id
+
+  ingress {
+    from_port   = 22
+    to_port     = 22
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"] # Change to my_ip
+  }
+
+  ingress {
+    from_port   = 8080
+    to_port     = 8080
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  egress {
+    from_port       = 0
+    to_port         = 0
+    protocol        = "-1"
+    cidr_blocks     = ["0.0.0.0/0"]
+    prefix_list_ids = []
+  }
+
+  tags = {
+    Name = "${var.env_prefix}-sg"
+  }
+}
+
+resource "aws_internet_gateway" "teamserverdown-igw" {
+  vpc_id = aws_vpc.teamserverdown-vpc.id
+
+  tags = {
+    Name = "${var.env_prefix}-internet-gateway"
+  }
+}
+
+resource "aws_route_table" "teamserverdown-route-table" {
+  vpc_id = aws_vpc.teamserverdown-vpc.id
+
+  route {
+    cidr_block = "0.0.0.0/0"
+    gateway_id = aws_internet_gateway.teamserverdown-igw.id
+  }
+
+  # default route, mapping VPC CIDR block to "local", created implicitly and cannot be specified.
+
+  tags = {
+    Name = "${var.env_prefix}-route-table"
+  }
+}
+
+# Associate subnet with Route Table
+resource "aws_route_table_association" "a-rtb-subnet" {
+  subnet_id      = aws_subnet.teamserverdown-subnet-1.id
+  route_table_id = aws_route_table.teamserverdown-route-table.id
+}
+
+resource "aws_key_pair" "ssh-key" {
+  key_name   = "teamserverdown-key"
+  public_key = file(var.ssh_key)
+}
+
+output "server-ip" {
+  value = aws_instance.teamserverdown-server.public_ip
+}
+
+resource "aws_instance" "teamserverdown-server" {
+  ami                         = "ami-084568db4383264d4"
+  instance_type               = var.instance_type
+  key_name                    = "teamserverdown-key"
+  associate_public_ip_address = true
+  subnet_id                   = aws_subnet.teamserverdown-subnet-1.id
+  vpc_security_group_ids      = [aws_security_group.teamserverdown-sg.id]
+  availability_zone			      = var.avail_zone
+
+  tags = {
+    Name = "${var.env_prefix}-server"
+  }
+}
+
+resource "null_resource" "wait_for_ssh" {
+  depends_on = [aws_instance.teamserverdown-server]
+
+  provisioner "local-exec" {
+    command = "bash -c 'until nc -zv ${aws_instance.teamserverdown-server.public_ip} 22; do sleep 5; done'"
+  }
+}
+
+resource "null_resource" "configure_server" {
+  depends_on = [null_resource.wait_for_ssh]
+
+  triggers = {
+    trigger = aws_instance.teamserverdown-server.public_ip
+  }
+  provisioner "local-exec" {
+    working_dir = "/Users/leonliang/tum-informatik/SS25/DevOps/team-server-down/infrastructure/ansible"
+    command = "ansible-playbook --inventory ${aws_instance.teamserverdown-server.public_ip}, --private-key ${var.ssh_private_key} --user ubuntu playbook.yml --ssh-extra-args='-o StrictHostKeyChecking=no'"
+  }
+}

infrastructure/terraform/terraform.tfvars

@@ -0,0 +1,8 @@
+vpc_cidr_block = "10.0.0.0/16"
+subnet_1_cidr_block = "10.0.0.0/24"
+avail_zone = "us-east-1a"
+env_prefix = "dev"
+instance_type = "t2.micro"
+ssh_key = "/Users/leonliang/.ssh/teamserverdown.pub"
+# my_ip = "your IP"
+ssh_private_key = "/Users/leonliang/.ssh/teamserverdown"