# domain-monitor-infra

Infrastructure as Code (IaC) for deploying the Domain Monitoring System, including Terraform configurations and Ansible roles.

This repository contains the complete infrastructure configuration for the Domain Monitoring System, including:

- Terraform configurations for AWS resources
- Ansible roles for configuring EC2 instances

## Repository Structure
```text
domain-monitor-infra/
├── roles/
│   ├── jenkins/
│   │   ├── tasks/
│   │   │   └── main.yaml
│   │   ├── templates/
│   │   │   ├── init-script.groovy.j2
│   │   │   ├── install-plugins.groovy.j2
│   │   │   ├── node-creation.groovy.j2
│   │   │   ├── docker-pipeline-creation.groovy.j2
│   │   │   └── ansible-pipeline-creation.groovy.j2
│   │   └── vars/
│   │       └── main.yaml
│   ├── docker-agent/
│   │   ├── tasks/
│   │   │   └── main.yaml
│   │   └── templates/
│   │       ├── service.sh.j2
│   │       └── jenkins-agent.service.j2
│   └── ansible-agent/
│       ├── tasks/
│       │   └── main.yaml
│       ├── templates/
│       │   ├── service.sh.j2
│       │   └── jenkins-agent.service.j2
│       └── files/
│           ├── aws_credentials          # AWS credentials file (not committed to repository)
│           ├── MoniNordic.pem           # SSH private key (not committed to repository)
│           └── inventory_aws_ec2.yaml   # AWS EC2 dynamic inventory file
├── main.tf                  # Main Terraform configuration
├── inventory_aws_ec2.yaml   # Ansible dynamic inventory configuration
├── playbook.yaml            # Main Ansible playbook
├── .gitignore
└── README.md                # This documentation
```
## Terraform

The Terraform configuration (`main.tf`) provisions:

- EC2 instances for various roles (Jenkins, agents, production)
- Security groups
- Application Load Balancer
- Networking components

## Ansible Roles

The Ansible roles configure the provisioned infrastructure:

- `jenkins`: Jenkins server setup with required plugins and configurations
- `docker-agent`: Build agent for Docker image creation and testing
- `ansible-agent`: Deployment agent that pulls and runs the deployment repository
## Configuration

Before deploying the infrastructure, customize the following settings:

1. **SSH Key Name**: The current configuration uses a key pair named `MoniNordic`:

   ```hcl
   key_name = "MoniNordic"
   ```

   You must either:
   - create a key pair with this name in AWS, or
   - change `key_name` in `main.tf` to match your existing key pair.

2. **AWS Region**: Update the region in both files:
   - In `main.tf`:

     ```hcl
     provider "aws" {
       region = "us-west-2" # Change to your preferred region
     }
     ```

   - In `inventory_aws_ec2.yaml`: update the `regions` section to match, otherwise the dynamic inventory will not find the instances Terraform created.

3. **Security Groups**: Update the security group ID referenced in `main.tf`:

   ```hcl
   vpc_security_group_ids = ["sg-02b3d29bdcd49a0cc"] # Change to your security group ID
   ```

4. **AMI ID**: Update the AMI ID for your region (AMI IDs are region-specific):

   ```hcl
   ami = "ami-05d38da78ce859165" # Change to appropriate AMI for your region
   ```
## Sensitive Files

For security reasons, these files must be created locally and NOT committed to the repository (check that `.gitignore` covers them before your first commit):

- SSH private key (`.pem` file): for AWS instance access
- Docker credentials (`docker_credentials.yml`): for Docker Hub access
- AWS credentials (`aws_credentials`): for AWS API access
- Terraform state files (`terraform.tfstate` and its `.backup`): contain sensitive infrastructure information, including resource IDs and any secrets stored in resource attributes

Create these files:

1. **SSH Key**: Ensure your key is available and has the right permissions:

   ```bash
   # Copy your key into the ansible-agent files directory
   cp /path/to/your/YOUR_KEY_NAME.pem roles/ansible-agent/files/
   chmod 400 roles/ansible-agent/files/YOUR_KEY_NAME.pem
   ```

2. **Docker Credentials**: Create the file `roles/jenkins/vars/docker_credentials.yml`:

   ```yaml
   ---
   docker_username: "your-dockerhub-username"
   docker_password: "your-dockerhub-password-or-token"
   ```

   Prefer a Docker Hub access token over your account password; a token can be revoked without changing the password.

3. **AWS Credentials**: Create a credentials file for the Ansible agent:

   ```bash
   # Copy your AWS credentials file
   cp ~/.aws/credentials roles/ansible-agent/files/aws_credentials
   ```

   This file is copied onto the agent instance (see the ansible-agent section below), so it should contain only the profile the agent needs, for an IAM identity with the minimum permissions required by the dynamic inventory and the deployment steps, and its keys should be rotated like any other long-lived credential.
## Deployment Workflow

The infrastructure deployment workflow consists of:

1. **Terraform Deployment**

   ```bash
   # Initialize Terraform
   terraform init
   # Plan the infrastructure
   terraform plan
   # Apply the configuration
   terraform apply
   ```

2. **Ansible Configuration**

   After Terraform has provisioned the infrastructure:

   ```bash
   # Run the Ansible playbook
   ansible-playbook -i inventory_aws_ec2.yaml playbook.yaml
   ```
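The following wrapper ties the sensitive-file rules and the deployment steps above together: it refuses to run until each secret file is present, owner-only readable and matched by `.gitignore`, then runs the Terraform and Ansible steps. It is an added example, not a script from this repository. It assumes the layout shown in this README; the `KEY_NAME` variable, the list of secret files and the simplified `.gitignore` matching in `gitignore_covers` are this script's own assumptions.

```shell
#!/bin/sh
# deploy.sh: pre-flight checks plus the Terraform and Ansible steps above.
# Added example, not a script from the repository. It assumes the layout shown
# in this README; KEY_NAME, the list of secret files and the simplified
# .gitignore matching in gitignore_covers are this script's own assumptions.
set -eu

KEY_NAME="${KEY_NAME:-MoniNordic}"

# 0 if FILE exists and has no group/other read bit (e.g. mode 0400 or 0600).
perm_is_private() {
  local f="$1"
  [ -e "$f" ] || return 1
  [ -z "$(find "$f" -prune \( -perm -040 -o -perm -004 \) -print)" ]
}

# 0 if REPO/.gitignore has an entry matching PATH. Approximation of git's rules:
# an entry matches when it equals the path or its basename (a leading "/" or a
# trailing "/" is ignored), is "*.<ext>" of the basename, or is the path or the
# basename followed by "*". Use "git check-ignore" for the authoritative answer.
gitignore_covers() {
  local repo="$1" path="$2" base ext entry
  base="${path##*/}"
  ext="${base##*.}"
  [ -f "$repo/.gitignore" ] || return 1
  while IFS= read -r entry || [ -n "$entry" ]; do
    entry="${entry%%#*}"   # drop comments
    entry="${entry#/}"     # "/foo" anchors at the repo root
    entry="${entry%/}"     # "foo/" matches a directory
    [ -n "$entry" ] || continue
    case "$entry" in
      "$path"|"$base"|"*.$ext"|"$path"'*'|"$base"'*') return 0 ;;
    esac
  done < "$repo/.gitignore"
  return 1
}

# A secret file must be ignored by git, present, and readable only by its owner.
check_secret_file() {
  local repo="$1" rel="$2"
  if ! gitignore_covers "$repo" "$rel"; then
    echo "NOT IGNORED: $rel (add it to .gitignore before committing)"; return 1
  fi
  [ -e "$repo/$rel" ] || { echo "MISSING: $rel"; return 1; }
  if ! perm_is_private "$repo/$rel"; then
    echo "TOO PERMISSIVE: $rel (run: chmod 400 $repo/$rel)"; return 1
  fi
}

preflight() {
  local repo="${1:-.}" rc=0 cmd rel
  for cmd in terraform ansible-playbook ansible-inventory; do
    command -v "$cmd" >/dev/null 2>&1 || { echo "missing tool: $cmd"; rc=1; }
  done
  for rel in "roles/ansible-agent/files/$KEY_NAME.pem" \
             roles/ansible-agent/files/aws_credentials \
             roles/jenkins/vars/docker_credentials.yml; do
    check_secret_file "$repo" "$rel" || rc=1
  done
  # State only exists after the first apply, so just require that it is ignored.
  for rel in terraform.tfstate .terraform; do
    gitignore_covers "$repo" "$rel" || { echo "NOT IGNORED: $rel"; rc=1; }
  done
  return "$rc"
}

deploy() {
  cd "${1:-.}"
  terraform init -input=false
  # Save the plan and apply exactly that file, so what was reviewed is what runs.
  terraform plan -input=false -out=tfplan
  terraform apply -input=false tfplan
  # Confirm the dynamic inventory resolves hosts before configuring them.
  ansible-inventory -i inventory_aws_ec2.yaml --graph
  ansible-playbook -i inventory_aws_ec2.yaml playbook.yaml
}

# Only run when invoked as deploy.sh, so the functions can be sourced elsewhere.
case "${0##*/}" in
  deploy.sh) preflight "${1:-.}" && deploy "${1:-.}" ;;
esac
```

Run it from the repository root as `./deploy.sh` (or `./deploy.sh /path/to/checkout`). `gitignore_covers` deliberately errs on the strict side: an entry it does not recognise counts as not ignored, so a false "NOT IGNORED" is a prompt to run `git check-ignore -v` on the path, not a reason to relax the check.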
## Related Repositories

This infrastructure repository works in conjunction with other repositories:

- Tests are maintained in the domain-monitor-tests repository
- The Selenium test container is built from the test repository code
- Tests are executed as part of the CI/CD pipeline before deployment
- Test results determine whether deployment proceeds

- The deployment repository contains Ansible playbooks and a Jenkinsfile
- Jenkins pipelines built by this infrastructure execute those deployment configurations
- The ansible-agent role is configured to run those deployment steps

- The separate Kubernetes repository contains all K8s configurations
- The CI/CD pipeline can update the Kubernetes manifests with new image tags
- The ansible-agent can apply Kubernetes changes as needed
## Ansible Agent

The ansible-agent plays a crucial role in the deployment workflow. The `roles/ansible-agent/` directory contains:

```text
ansible-agent/
├── tasks/
│   └── main.yaml                  # Main tasks for setting up the agent
├── templates/
│   ├── service.sh.j2              # Template for the agent service script
│   └── jenkins-agent.service.j2   # Systemd service configuration
└── files/
    ├── aws_credentials            # AWS credentials for dynamic inventory
    ├── MoniNordic.pem             # SSH private key for server access
    └── inventory_aws_ec2.yaml     # AWS EC2 dynamic inventory configuration
```
The Ansible agent is configured with:

1. **Installation**:
   - Java (for Jenkins agent connectivity)
   - Ansible (for running deployment playbooks)
   - Docker (for container operations)
   - Git and other dependencies

2. **Configuration**:
   - AWS credentials are copied from `files/aws_credentials` to `/home/ubuntu/.aws/credentials` and `/root/.aws/credentials`
   - SSH key is copied from `files/MoniNordic.pem` to `/etc/ansible/MoniNordic.pem`
   - EC2 inventory is copied from `files/inventory_aws_ec2.yaml` to `/etc/ansible/inventory_aws_ec2.yaml`

   The copied credentials and key are long-lived secrets on the agent host; keep them readable only by the user that runs the agent (the same `chmod 400` that applies to the local copies).

3. **Jenkins Agent Connectivity**:
   - Agent JAR is downloaded from the Jenkins master
   - Agent secret is fetched from AWS Secrets Manager
   - A systemd service is created to run the agent and connect to Jenkins
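As an illustration of the three connectivity steps, here is a stand-in for the role's `service.sh` template. It is an added example and not the repository's own template. It assumes the systemd unit exports `JENKINS_URL`, `NODE_NAME` and `SECRET_ID` (the name of the Secrets Manager secret holding this node's agent secret); the `SECRET_FILE` and `WORKDIR` defaults are this script's own choices. The `/jnlpJars/agent.jar` endpoint and the remoting CLI's `-secret @file` form are standard Jenkins behaviour.

```shell
#!/bin/sh
# service.sh: stand-in for the ansible-agent role's service.sh template, showing
# the three connectivity steps above. Added example, not the repository's
# template. Assumed: the systemd unit exports JENKINS_URL, NODE_NAME and
# SECRET_ID; SECRET_FILE and WORKDIR defaults are this script's own choices.
set -eu

# Jenkins serves the agent JAR at /jnlpJars/agent.jar on the master.
agent_jar_url() {
  printf '%s/jnlpJars/agent.jar\n' "${1%/}"   # tolerate a trailing slash
}

download_agent_jar() {   # args: JENKINS_URL DEST
  curl -fsSL -o "$2" "$(agent_jar_url "$1")"
}

# Write the secret to a file that is 0600 from the moment it is created;
# the subshell keeps the umask change local to this step.
fetch_agent_secret() {   # args: SECRET_ID DEST
  ( umask 077
    aws secretsmanager get-secret-value --secret-id "$1" \
        --query SecretString --output text > "$2" )
}

# The secret file must exist, be non-empty and have no group/other read bit.
secret_file_ok() {
  [ -s "$1" ] || return 1
  [ -z "$(find "$1" -prune \( -perm -040 -o -perm -004 \) -print)" ]
}

# Start the agent. The "-secret @file" form makes the agent read the secret
# from the file, so it never appears in argv (ps) or in the unit's journal.
start_agent() {   # args: JENKINS_URL NODE_NAME SECRET_FILE WORKDIR
  secret_file_ok "$3" || { echo "agent secret missing or too permissive: $3" >&2; return 1; }
  exec java -jar "$4/agent.jar" -url "$1" -name "$2" -secret "@$3" -workDir "$4"
}

# Only run the sequence when invoked as service.sh (e.g. from the systemd unit).
case "${0##*/}" in
  service.sh)
    : "${JENKINS_URL:?}" "${NODE_NAME:?}" "${SECRET_ID:?}"
    WORKDIR="${WORKDIR:-/home/jenkins/agent}"
    SECRET_FILE="${SECRET_FILE:-/etc/jenkins-agent/secret}"
    mkdir -p "$WORKDIR" "$(dirname "$SECRET_FILE")"
    download_agent_jar "$JENKINS_URL" "$WORKDIR/agent.jar"
    fetch_agent_secret "$SECRET_ID" "$SECRET_FILE"
    start_agent "$JENKINS_URL" "$NODE_NAME" "$SECRET_FILE" "$WORKDIR"
    ;;
esac
```

Because `exec` replaces the shell with the Java process, the systemd unit can use `Type=simple` and supervise the agent directly; a restart of the unit re-fetches the secret, which is what makes rotating it in Secrets Manager sufficient.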
## Docker Hub Credentials

The Docker Hub credentials are used to push and pull Docker images during the CI/CD process:

1. **Initial Setup**: In `roles/jenkins/vars/docker_credentials.yml`, provide your Docker Hub credentials:

   ```yaml
   docker_username: "your-dockerhub-username"
   docker_password: "your-dockerhub-password-or-token"
   ```

2. **Credential Usage**: These credentials are automatically added to Jenkins during setup.

3. **Pipeline Usage**: In the Jenkinsfile, the credentials are used to authenticate with Docker Hub.

4. **Credential Rotation**: To update Docker credentials:
   - Update the `docker_credentials.yml` file and re-run the Ansible playbook to update Jenkins
   - Alternatively, update them manually in the Jenkins UI: Manage Jenkins > Manage Credentials
## Troubleshooting

Ansible cannot reach the instances:

- Check that EC2 instances are running
- Verify security groups allow SSH access
- Ensure the inventory file correctly identifies hosts

Jenkins pipeline failures:

- Check Jenkins console output for specific error messages
- Verify Docker credentials are correctly configured
- Ensure EC2 instances have sufficient resources

Test failures:

- Review test logs for specific failure details
- Check if the Selenium container can access the application
- Verify that test dependencies are correctly installed
## Contributing

1. Fork the repository
2. Create a feature branch: `git checkout -b feature/my-feature`
3. Commit your changes: `git commit -am 'Add my feature'`
4. Push to the branch: `git push origin feature/my-feature`
5. Submit a pull request