(feat) test role on ephemeral ec2 provisioned w terraform (#1)

benmangold · Sep 27, 2020 · 778ee21 · 778ee21
1 parent 23e7775
commit 778ee21
Show file tree

Hide file tree

Showing 13 changed files with 217 additions and 16 deletions.
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,2 @@
+.terraform
+*.tfstate
diff --git a/Makefile b/Makefile
@@ -0,0 +1,18 @@
+#!/usr/bin/env make
+
+export TF_VAR_instance_name=dev_server_role_dev_env
+
+init:
+	cd terraform; terraform init;
+
+apply:
+	cd terraform; terraform apply;
+
+destroy:
+	cd terraform; terraform destroy;
+
+connect:
+	./scripts/connect-to-instance.sh
+
+ansible:
+	./scripts/ansible.sh
diff --git a/README.md b/README.md
@@ -7,6 +7,46 @@ postgresql, docker, nodejs 12, oh-my-zsh
 
 a role used by [benmangold/dev-server](https://github.com/benmangold/dev-server)
 
+Makefile
+--------
+
+Before running `make` commands:
+
+Export AWS Credentials
+
+Add ssh key locally
+
+Optionally, set a required Terraform variable with your AWS key name
+
+Example setup:
+
+```bash
+# Example command, exporting creds from LastPass notes `access-key-id` and `secret-access-key` with jq:
+export AWS_ACCESS_KEY_ID=$(lpass show access-key-id --json | jq -r '.[0].note')
+export AWS_SECRET_ACCESS_KEY=$(lpass show secret-access-key --json | jq -r '.[0].note')
+
+# Set up ssh key for access
+ssh-add /path/to/my-key-name.pem
+
+# Optionally, export AWS key name for ssh as Terraform var:
+export TF_VAR_key_name=my-key-name
+
+```
+
+```bash
+make init # initialize terraform
+
+make apply # create ephemeral EC2 instance for role dev. 
+
+# NOTE: wait 30s after apply before running ansible
+make ansible # run ansible role tasks against EC2
+
+make connect # connect to EC2 via ssh
+
+make destroy # destroy EC2
+
+```
+
 Role Variables
 --------------
 

diff --git a/defaults/main.yml b/defaults/main.yml
@@ -22,6 +22,7 @@ docker_packages:
   - python3-setuptools
 
 postgres_packages:
+  - acl
   - bash
   - openssl
   - libpq-dev

diff --git a/scripts/ansible.sh b/scripts/ansible.sh
@@ -0,0 +1,21 @@
+#! /bin/bash
+
+##
+## Use this script to run ansible on your instance after applying terraform
+##
+## Run via `make ansible`
+## 
+## This script requires $TF_VAR_instance_name to be exported in Makefile
+##
+
+if [[ -z "$TF_VAR_instance_name" ]]; then
+    echo "Must provide TF_VAR_instance_name in environment" 1>&2
+    echo "Run this script via `make connect`" 1>&2
+    exit 1
+fi
+
+export PUBLIC_IP=$(aws ec2 describe-instances --filters Name=instance-state-name,Values=running Name=tag:Name,Values=$TF_VAR_instance_name --region=us-east-2 | jq -r .Reservations[].Instances[].PublicIpAddress)
+
+echo "$PUBLIC_IP" > "tests/inventory"
+
+ansible-playbook -i ./tests/inventory --private-key ~/.ssh/lemur-pro.pem ./tests/test.yml
diff --git a/scripts/connect-to-instance.sh b/scripts/connect-to-instance.sh
@@ -0,0 +1,19 @@
+#! /bin/bash
+
+##
+## Use this script to connect to your instance after applying terraform
+##
+## Run via `make connect`
+## 
+## This script requires $TF_VAR_instance_name to be exported in Makefile
+##
+
+if [[ -z "$TF_VAR_instance_name" ]]; then
+    echo "Must provide TF_VAR_instance_name in environment" 1>&2
+    echo "Run this script via `make connect`" 1>&2
+    exit 1
+fi
+
+export PUBLIC_DNS=$(aws ec2 describe-instances --filters Name=instance-state-name,Values=running Name=tag:Name,Values=$TF_VAR_instance_name --region=us-east-2 | jq -r .Reservations[].Instances[].PublicDnsName)
+
+ssh -A ubuntu@$PUBLIC_DNS
diff --git a/tasks/main.yml b/tasks/main.yml
@@ -1,10 +1,10 @@
 ---
 
-  - import_tasks: tasks/packages.yml
-  - import_tasks: tasks/tools/git.yml
-  - import_tasks: tasks/tools/docker.yml
-  - import_tasks: tasks/tools/postgres.yml
-  - import_tasks: tasks/tools/oh-my-zsh.yml
-  - import_tasks: tasks/tools/nodejs.yml
-  - import_tasks: tasks/filesystem.yml
-  - import_tasks: tasks/smoke-test.yml
+  - import_tasks: ../tasks/packages.yml
+  - import_tasks: ../tasks/tools/git.yml
+  - import_tasks: ../tasks/tools/docker.yml
+  - import_tasks: ../tasks/tools/postgres.yml
+  - import_tasks: ../tasks/tools/oh-my-zsh.yml
+  - import_tasks: ../tasks/tools/nodejs.yml
+  - import_tasks: ../tasks/filesystem.yml
+  - import_tasks: ../tasks/smoke-test.yml
diff --git a/tasks/packages.yml b/tasks/packages.yml
@@ -3,7 +3,7 @@
 - name: Update and Prune Packages
   apt:
     update_cache: yes
-    upgrade: 'yes'
+    upgrade: yes
     autoremove: yes
     autoclean: yes
 

diff --git a/tasks/tools/oh-my-zsh.yml b/tasks/tools/oh-my-zsh.yml
@@ -12,7 +12,11 @@
 
 - name: Install oh-my-zsh
   shell: sh -c "$(curl -fsSL https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh)"
+  async: 15
+  poll: 5
   become_user: "{{ user }}"
+  args:
+    creates: "/home/{{ user }}/.oh-my-zsh"
 
 - name: randomize zsh theme
   shell: sed -i 's/robbyrussell/random/g' ~/.zshrc

diff --git a/tasks/tools/postgres.yml b/tasks/tools/postgres.yml
@@ -3,14 +3,16 @@
 - name: Ensure the PostgreSQL service is running
   service: name=postgresql state=started enabled=yes
 
+- name: Create postgres user
+  postgresql_user: name={{ db_user }} password={{ db_password }}
+  become_user: postgres
+
 - name: Create postgres database
-  become: true
   become_user: postgres
   postgresql_db:
     name: "{{ user }}"
 
 - name: Connect to ubuntu database, create ubuntu user, and grant access
-  become: true
   become_user: postgres
   postgresql_user:
     db: "{{ db_user }}"

diff --git a/terraform/main.tf b/terraform/main.tf
@@ -0,0 +1,89 @@
+terraform {
+    backend "s3" {
+        bucket = "benmangold-tf-state-bucket"
+        key = "globals/s3/terraform.tfstate"
+        region = "us-east-2"
+        dynamodb_table = "benmangold-tf-state-lock-table"
+        encrypt= "true"
+    }
+}
+
+variable "key_name" {
+    description = "AWS key name used for SSH access"
+    type = string
+}
+
+variable "instance_name" {
+    description = "Value for EC2 Instance 'Name' tag key"
+    type = string
+}
+
+provider "aws" {
+    region = "us-east-2"
+}
+
+data "aws_vpc" "default" {
+    default = true
+}
+
+data "aws_subnet_ids" "default" {
+    vpc_id = data.aws_vpc.default.id
+}
+
+data "aws_ami" "ubuntu" {
+  most_recent = true
+
+  filter {
+    name   = "name"
+    values = ["ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-*"]
+  }
+
+  filter {
+    name   = "virtualization-type"
+    values = ["hvm"]
+  }
+
+  owners = ["099720109477"] # Canonical
+}
+
+resource "aws_launch_configuration" "dev_server_role_dev_env" {
+    image_id = data.aws_ami.ubuntu.id
+    instance_type = "t2.medium"
+    key_name = var.key_name
+    security_groups = [aws_security_group.instance.id]
+
+    lifecycle {
+        create_before_destroy = true
+    }
+}
+
+resource "aws_autoscaling_group" "dev_server_role_dev_env" {
+    launch_configuration = aws_launch_configuration.dev_server_role_dev_env.name
+    vpc_zone_identifier = data.aws_subnet_ids.default.ids
+
+    min_size = 1
+    max_size = 1
+
+    tag {
+        key = "Name"
+        value = var.instance_name
+        propagate_at_launch = true
+    }
+}
+
+resource "aws_security_group" "instance" {
+    name = "terraform-example-instance"
+    ingress {
+        from_port  = 22
+        to_port = 22
+        protocol = "tcp"
+        cidr_blocks = ["0.0.0.0/0"]
+        description = "ingress from ssh"
+    }
+    egress {
+        from_port = 0
+        to_port = 0
+        protocol = "-1"
+        cidr_blocks = ["0.0.0.0/0"]
+    }
+}
diff --git a/tests/inventory b/tests/inventory
@@ -1,2 +1 @@
 localhost
-
diff --git a/tests/test.yml b/tests/test.yml
@@ -1,5 +1,11 @@
 ---
-- hosts: localhost
-  remote_user: root
-  roles:
-    - dev-server-role
+- hosts: all
+  user: ubuntu
+  become: yes
+  gather_facts: yes
+
+  vars_files: 
+    - ../defaults/main.yml
+
+  tasks:
+    - import_tasks: ../tasks/main.yml
-Original file line number
+Diff line change
@@ Expand Up / @@ -22,6 +22,7 @@ docker_packages: @@
       - python3-setuptools
     postgres_packages:
+      - acl
       - bash
       - openssl
       - libpq-dev
@@ Expand Down @@