-rw-r--r-- | app/controllers/backends/terraform_aws_controller.rb | 1 | ||||
-rw-r--r-- | app/models/backends/terraform_aws.rb | 5 | ||||
-rw-r--r-- | app/views/backends/terraform_aws/new.html.erb | 28 | ||||
-rw-r--r-- | app/views/backends/terraform_aws/show.html.erb | 29 | ||||
-rw-r--r-- | db/migrate/20180603120426_remove_efs_file_system_id_from_backends_terraform_aws.rb | 5 | ||||
-rw-r--r-- | db/structure.sql | 4 | ||||
-rw-r--r-- | terraform/aws/backend/main.tf | 80 | ||||
-rw-r--r-- | terraform/aws/mini_environment/main.tf | 12 | ||||
-rw-r--r-- | test/controllers/backends/terraform_aws_controller_test.rb | 4 |
9 files changed, 73 insertions, 95 deletions
diff --git a/app/controllers/backends/terraform_aws_controller.rb b/app/controllers/backends/terraform_aws_controller.rb
index 4b49f23..6e8ed55 100644
--- a/app/controllers/backends/terraform_aws_controller.rb
+++ b/app/controllers/backends/terraform_aws_controller.rb
@@ -66,7 +66,6 @@ class Backends::TerraformAwsController < ApplicationController
 :aws_region,
 :vpc_id,
 :route_53_zone_id,
- :efs_file_system_id,
 :aws_access_key_id,
 :aws_secret_access_key
 )
diff --git a/app/models/backends/terraform_aws.rb b/app/models/backends/terraform_aws.rb
index e448cd8..d5abfee 100644
--- a/app/models/backends/terraform_aws.rb
+++ b/app/models/backends/terraform_aws.rb
@@ -31,7 +31,6 @@
 # updated_at :datetime not null
 # domain :string
 # route_53_zone_id :string not null
-# efs_file_system_id :string not null
 # vpc_id :string not null
 #
@@ -107,6 +106,7 @@ class Backends::TerraformAws < ApplicationRecord
 vars: common_terraform_variables.merge(
 aws_vpc_id: vpc_id,
 ssh_public_key: ssh_public_key,
+ backend_slug: label.parameterize,
 mini_environment_admin_guix_public_key: guix_public_key,
 mini_environment_admin_public_ip_address: public_ip_address
 ),
@@ -132,8 +132,7 @@ class Backends::TerraformAws < ApplicationRecord
 aws_secret_key: aws_secret_access_key,
 aws_region: aws_region,
 ssh_public_key: ssh_public_key,
- aws_route_53_zone_id: route_53_zone_id,
- aws_efs_file_system_id: efs_file_system_id
+ aws_route_53_zone_id: route_53_zone_id
 }
 end
diff --git a/app/views/backends/terraform_aws/new.html.erb b/app/views/backends/terraform_aws/new.html.erb
index 04cab8a..fbd26a1 100644
--- a/app/views/backends/terraform_aws/new.html.erb
+++ b/app/views/backends/terraform_aws/new.html.erb
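Review bot: `backend_slug: label.parameterize` in the `@@ -107` hunk becomes part of every AWS resource name and the EFS `creation_token` in terraform/aws/backend/main.tf, yet nothing here guarantees the slug is non-blank or unique per backend: a label made only of punctuation parameterizes to `""`, and two backends whose labels differ only in case or separators produce the same slug. Because `creation_token` is an idempotency key, a second backend with a colliding slug would presumably adopt the first backend's file system (and so its Guix store) rather than get its own, and the security-group and key-pair names would collide as well. Deriving the slug from something unique, e.g. `backend_slug: "#{id}-#{label.parameterize}"`, or validating `label` for presence and uniqueness on the model, would close that. The enclosing method starts and ends outside the hunk.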
@@ -125,34 +125,6 @@ License along with the GOV.UK Mini Environment Admin. If not, see
 </div>
 <div class="form-group form-group-lg">
- <%= f.label(
- :efs_file_system_id,
- 'EFS File System ID',
- class: 'col-sm-4 control-label'
- ) %>
- <div class="col-sm-8">
- <%= f.text_field(
- :efs_file_system_id,
- class: 'form-control',
- placeholder: 'The ID of the EFS File System to use'
- ) %>
- <span class="help-block">
- <p>
- This EFS (Elastic File System) is used for the Guix
- store.
- </p>
- <p>
- It must be used by both this instance of the GOV.UK Mini
- Environment Admin, and the mini environments created
- through this backend, so that store items created
- through this service are available on the mini
- environment machines when they mount this file system.
- </p>
- </span>
- </div>
- </div>
-
- <div class="form-group form-group-lg">
 <%= f.label :aws_access_key_id, 'AWS Access Key ID', class: 'col-sm-4 control-label' %>
 <div class="col-sm-8">
 <%= f.text_field(
diff --git a/app/views/backends/terraform_aws/show.html.erb b/app/views/backends/terraform_aws/show.html.erb
index f542cff..6204d96 100644
--- a/app/views/backends/terraform_aws/show.html.erb
+++ b/app/views/backends/terraform_aws/show.html.erb
@@ -132,35 +132,6 @@ License along with the GOV.UK Mini Environment Admin. If not, see
 </div>
 <div class="form-group form-group-lg">
- <%= f.label(
- :efs_file_system_id,
- 'EFS File System ID',
- class: 'col-sm-4 control-label'
- ) %>
- <div class="col-sm-8">
- <%= f.text_field(
- :efs_file_system_id,
- class: 'form-control',
- placeholder: 'The ID of the EFS File System to use',
- readonly: true
- ) %>
- <span class="help-block">
- <p>
- This EFS (Elastic File System) is used for the Guix
- store.
- </p>
- <p>
- It must be used by both this instance of the GOV.UK Mini
- Environment Admin, and the mini environments created
- through this backend, so that store items created
- through this service are available on the mini
- environment machines when they mount this file system.
- </p>
- </span>
- </div>
- </div>
-
- <div class="form-group form-group-lg">
 <%= f.label :aws_access_key_id, 'AWS Access Key ID', class: 'col-sm-4 control-label' %>
 <div class="col-sm-8">
 <%= f.text_field(
diff --git a/db/migrate/20180603120426_remove_efs_file_system_id_from_backends_terraform_aws.rb b/db/migrate/20180603120426_remove_efs_file_system_id_from_backends_terraform_aws.rb
new file mode 100644
index 0000000..25abfb5
--- /dev/null
+++ b/db/migrate/20180603120426_remove_efs_file_system_id_from_backends_terraform_aws.rb
@@ -0,0 +1,5 @@
+class RemoveEfsFileSystemIdFromBackendsTerraformAws < ActiveRecord::Migration[5.1]
+ def change
+ remove_column :terraform_aws_backends, :efs_file_system_id, :string
+ end
+end
diff --git a/db/structure.sql b/db/structure.sql
index 9e03d7d..36c6abb 100644
--- a/db/structure.sql
+++ b/db/structure.sql
@@ -256,7 +256,6 @@ CREATE TABLE public.terraform_aws_backends (
 updated_at timestamp without time zone NOT NULL,
 domain character varying,
 route_53_zone_id character varying NOT NULL,
- efs_file_system_id character varying NOT NULL,
 vpc_id character varying NOT NULL
 );
@@ -660,6 +659,7 @@ INSERT INTO "schema_migrations" (version) VALUES
 ('20180530191341'),
 ('20180530192706'),
 ('20180601153537'),
-('20180601182655');
+('20180601182655'),
+('20180603120426');
diff --git a/terraform/aws/backend/main.tf b/terraform/aws/backend/main.tf
index 56b91b9..20b0bbe 100644
--- a/terraform/aws/backend/main.tf
+++ b/terraform/aws/backend/main.tf
@@ -22,10 +22,6 @@ variable "aws_route_53_zone_id" {
 type = "string"
 }
-variable "aws_efs_file_system_id" {
- type = "string"
-}
-
 variable "ssh_public_key" {
 type = "string"
 }
@@ -70,6 +66,10 @@ variable "mini_environment_admin_public_ip_address" {
 type = "string"
 }
+variable "backend_slug" {
+ type = "string"
+}
+
 locals {
 guix_daemon_substitute_servers = "${join(" ", keys(var.guix_substitute_servers))}"
 }
@@ -84,10 +84,6 @@ data "aws_route53_zone" "main" {
 zone_id = "${var.aws_route_53_zone_id}"
 }
-data "aws_efs_file_system" "main" {
- file_system_id = "${var.aws_efs_file_system_id}"
-}
-
 data "template_file" "guix_daemon_service" {
 template = "${file("${path.module}/guix-daemon.service.tpl")}"
@@ -96,13 +92,37 @@ data "template_file" "guix_daemon_service" {
 }
 }
+data "aws_availability_zones" "available" {}
+
+
+resource "aws_default_subnet" "main" {
+ count = "${length(data.aws_availability_zones.available.names)}"
+ availability_zone = "${data.aws_availability_zones.available.names[count.index]}"
+}
+
+resource "aws_efs_file_system" "main" {
+ creation_token = "govuk_mini_environment_admin/${var.backend_slug}"
+
+ tags {
+ Name = "govuk_mini_environment_admin/${var.backend_slug}"
+ }
+}
+
+resource "aws_efs_mount_target" "main" {
+ count = "${length(data.aws_availability_zones.available.names)}"
+ file_system_id = "${aws_efs_file_system.main.id}"
+ subnet_id = "${aws_default_subnet.main.*.id[count.index]}"
+
+ security_groups = ["${aws_security_group.efs_mount_target.id}"]
+}
 resource "aws_key_pair" "deployer" {
+ key_name = "govuk_mini_environment_admin/${var.backend_slug}/deployer"
 public_key = "${var.ssh_public_key}"
 }
 resource "aws_security_group" "public_webserver" {
- name = "govuk_mini_environment_admin_public_webserver"
+ name = "govuk_mini_environment_admin/${var.backend_slug}/public_webserver"
 description = "For instances running public facing web servers"
 vpc_id = "${var.aws_vpc_id}"
@@ -136,7 +156,7 @@ resource "aws_security_group" "public_webserver" {
 }
 resource "aws_security_group" "ssh_access_from_mini_environment_admin" {
- name = "govuk_mini_environment_admin_ssh_access_from_mini_environment_admin"
+ name = "govuk_mini_environment_admin/${var.backend_slug}/ssh_access_from_mini_environment_admin"
 description = "For instances that need SSH access for Terraform and Guix builds"
 vpc_id = "${var.aws_vpc_id}"
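Review bot: `aws_default_subnet` in the `@@ -96` hunk always resolves the default VPC's subnets, while every security group in this module (including `efs_mount_target`, which the new mount targets attach) is created in `var.aws_vpc_id`; unless that variable happens to be the default VPC, the mount targets end up in a different VPC from their security group and from the guix_daemon instance. Looking subnets up by VPC instead, e.g. an `aws_subnet_ids` data source with `vpc_id = "${var.aws_vpc_id}"`, keeps the file system reachable whichever VPC the operator configured. The new `aws_efs_file_system` also omits `encrypted = true`, so the shared Guix store (the data every mini environment later mounts) sits unencrypted at rest; as this is a freshly created file system there is no migration cost to setting `encrypted = true` beside `creation_token` now. The `efs_mount_target` security group's ingress rules are outside the hunk, so whether NFS access is limited to the `guix_daemon`/`guix_client` groups can't be confirmed from here.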
@@ -149,7 +169,7 @@ resource "aws_security_group" "ssh_access_from_mini_environment_admin" {
 }
 resource "aws_security_group" "guix_client" {
- name = "govuk_mini_environment_admin_guix_client"
+ name = "govuk_mini_environment_admin/${var.backend_slug}/guix_client"
 description = "For instances with access to the guix_daemon instance"
 vpc_id = "${var.aws_vpc_id}"
@@ -162,7 +182,7 @@ resource "aws_security_group" "guix_client" {
 }
 resource "aws_security_group" "guix_daemon" {
- name = "govuk_mini_environment_admin_guix_daemon"
+ name = "govuk_mini_environment_admin/${var.backend_slug}/guix_daemon"
 description = "For the guix_daemon instance."
 vpc_id = "${var.aws_vpc_id}"
@@ -182,7 +202,7 @@ resource "aws_security_group" "guix_daemon" {
 }
 resource "aws_security_group" "efs_mount_target" {
- name = "govuk_mini_environment_admin_efs_mount_target"
+ name = "govuk_mini_environment_admin/${var.backend_slug}/efs_mount_target"
 description = "For the EFS File System mount targets"
 vpc_id = "${var.aws_vpc_id}"
@@ -210,6 +230,8 @@ resource "aws_spot_instance_request" "main" {
 wait_for_fulfillment = true
 spot_price = "0.05"
+ depends_on = ["aws_efs_mount_target.main"]
+
 provisioner "file" {
 content = "${data.template_file.guix_daemon_service.rendered}"
 destination = "/home/ubuntu/guix-daemon.service"
@@ -237,10 +259,21 @@ resource "aws_spot_instance_request" "main" {
 "sudo apt-get -y install nfs-common cachefilesd nscd",
 "sudo tune2fs -o user_xattr /dev/xvda1",
 "sudo sed 's/#RUN/RUN/' -i /etc/default/cachefilesd",
- "echo \"${data.aws_efs_file_system.main.dns_name}:/var/guix /var/guix nfs4 nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2 0 0\" | sudo tee -a /etc/fstab",
- "echo \"${data.aws_efs_file_system.main.dns_name}:/gnu/store /gnu/store nfs4 nfsvers=4.1,rsize=1048576,wsize=1048576,fsc,hard,timeo=600,retrans=2 0 0\" | sudo tee -a /etc/fstab",
- "echo \"${data.aws_efs_file_system.main.dns_name}:/ /mnt/efs nfs4 nfsvers=4.1,rsize=1048576,wsize=1048576,fsc,hard,timeo=600,retrans=2 0 0\" | sudo tee -a /etc/fstab",
- "sudo mkdir -p /var/guix /gnu/store /mnt/efs",
+ "sudo mkdir -p /mnt/efs",
+ "echo \"${aws_efs_file_system.main.dns_name}:/ /mnt/efs nfs4 nfsvers=4.1,rsize=1048576,wsize=1048576,fsc,hard,timeo=600,retrans=2 0 0\" | sudo tee -a /etc/fstab",
+ "sudo mount -a",
+ <<EOF
+if [ ! -d "/mnt/efs/gnu" ]; then
+ cd /mnt/efs
+ sudo wget https://alpha.gnu.org/gnu/guix/guix-binary-0.14.0.x86_64-linux.tar.xz
+ sudo tar --warning=no-timestamp -xf guix-binary-0.14.0.x86_64-linux.tar.xz
+ cd -
+fi
+EOF
+ ,
+ "sudo mkdir -p /gnu/store /var/guix",
+ "echo \"${aws_efs_file_system.main.dns_name}:/var/guix /var/guix nfs4 nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2 0 0\" | sudo tee -a /etc/fstab",
+ "echo \"${aws_efs_file_system.main.dns_name}:/gnu/store /gnu/store nfs4 nfsvers=4.1,rsize=1048576,wsize=1048576,fsc,hard,timeo=600,retrans=2 0 0\" | sudo tee -a /etc/fstab",
 "sudo mount -a",
 "sudo mv /home/ubuntu/guix-daemon.service /etc/systemd/system/guix-daemon.service",
 "sudo mkdir /etc/guix",
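Review bot: The bootstrap heredoc in the `@@ -237` hunk downloads `guix-binary-0.14.0.x86_64-linux.tar.xz` and unpacks it straight into `/mnt/efs` with no integrity check, and that tarball seeds the `/gnu/store` every mini environment later mounts, so whatever is served at that URL at provisioning time becomes the trust root of the whole fleet. Pinning the release digest and verifying before extraction, e.g. `echo "<EXPECTED_SHA256>  guix-binary-0.14.0.x86_64-linux.tar.xz" | sha256sum -c - || exit 1` between the `wget` and the `tar` (or `gpg --verify` against the detached signature Guix publishes beside its binary tarballs), makes the bootstrap reproducible and tamper-evident. The script also runs without `set -e`, so a partial extraction leaves `/mnt/efs/gnu` in place and the `[ ! -d "/mnt/efs/gnu" ]` guard then skips the bootstrap on every later boot; extracting into a temporary directory and moving it into place only on success avoids that. `aws_spot_instance_request "main"` starts and ends outside the hunk.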
@@ -259,7 +292,14 @@ EOF
 "sudo systemctl daemon-reload",
 "sudo systemctl enable guix-daemon.service",
 "sudo systemctl start guix-daemon.service",
- "ln -s /var/guix/profiles/per-user/ubuntu/guix-profile ~/.guix-profile",
+ <<EOF
+if [ ! -d "/var/guix/profiles/per-user/ubuntu" ]; then
+ /var/guix/profiles/per-user/root/guix-profile/bin/guix package -i guile guix
+else
+ ln -s /var/guix/profiles/per-user/ubuntu/guix-profile ~/.guix-profile
+fi
+EOF
+ ,
 # This is needed for things like guix copy to work
 "echo 'GUIX_PROFILE=/home/ubuntu/.guix-profile; source /home/ubuntu/.guix-profile/etc/profile' | cat - .bashrc > temp && mv temp .bashrc"
 ]
@@ -300,3 +340,7 @@ output "ssh_access_from_mini_environment_admin_security_group_name" {
 output "guix_daemon_private_dns" {
 value = "${aws_spot_instance_request.main.private_dns}"
 }
+
+output "efs_file_system_dns_name" {
+ value = "${aws_efs_file_system.main.dns_name}"
+}
diff --git a/terraform/aws/mini_environment/main.tf b/terraform/aws/mini_environment/main.tf
index 4f9b9c3..f5db361 100644
--- a/terraform/aws/mini_environment/main.tf
+++ b/terraform/aws/mini_environment/main.tf
@@ -22,10 +22,6 @@ variable "aws_route_53_zone_id" {
 type = "string"
 }
-variable "aws_efs_file_system_id" {
- type = "string"
-}
-
 variable "start_command" {
 type = "string"
 }
@@ -52,10 +48,6 @@ data "aws_route53_zone" "main" {
 zone_id = "${var.aws_route_53_zone_id}"
 }
-data "aws_efs_file_system" "main" {
- file_system_id = "${var.aws_efs_file_system_id}"
-}
-
 data "template_file" "govuk_service" {
 template = "${file("${path.module}/govuk.service.tpl")}"
@@ -96,9 +88,9 @@ resource "aws_spot_instance_request" "main" {
 "sudo tune2fs -o user_xattr /dev/xvda1",
 "sudo sed 's/#RUN/RUN/' -i /etc/default/cachefilesd",
 "sudo mkdir -p /gnu/store",
- "sudo mount -t nfs4 -o ro,nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,actimeo=600,fsc,nocto,retrans=2 ${data.aws_efs_file_system.main.dns_name}:gnu/store /gnu/store",
+ "sudo mount -t nfs4 -o ro,nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,actimeo=600,fsc,nocto,retrans=2 ${data.terraform_remote_state.backend.efs_file_system_dns_name}:gnu/store /gnu/store",
 "sudo mkdir -p /var/guix",
- "sudo mount -t nfs4 -o nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2 ${data.aws_efs_file_system.main.dns_name}:var/guix /var/guix",
+ "sudo mount -t nfs4 -o nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2 ${data.terraform_remote_state.backend.efs_file_system_dns_name}:var/guix /var/guix",
 "echo \"export GUIX_DAEMON_SOCKET=guix://${data.terraform_remote_state.backend.guix_daemon_private_dns}\" | sudo tee /etc/profile.d/guix-daemon-socket.sh",
 #"sudo systemctl restart cachefilesd",
 "sudo iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080",
diff --git a/test/controllers/backends/terraform_aws_controller_test.rb b/test/controllers/backends/terraform_aws_controller_test.rb
index be575f1..f98890f 100644
--- a/test/controllers/backends/terraform_aws_controller_test.rb
+++ b/test/controllers/backends/terraform_aws_controller_test.rb
@@ -17,7 +17,6 @@ class Backends::TerraformAwsControllerTest < ActionDispatch::IntegrationTest
 aws_access_key_id: 'test-access-key-id',
 aws_secret_access_key: 'test-secret-access-key',
 route_53_zone_id: 'test-route-53-zone-id',
- efs_file_system_id: 'test-efs-file-system-id',
 vpc_id: 'test-vpc-id'
 }
@@ -45,7 +44,6 @@ class Backends::TerraformAwsControllerTest < ActionDispatch::IntegrationTest
 aws_access_key_id: 'old-test-access-key-id',
 aws_secret_access_key: 'old-test-secret-access-key',
 route_53_zone_id: 'old-test-route-53-zone-id',
- efs_file_system_id: 'test-efs-file-system-id',
 vpc_id: 'test-vpc-id'
 )
@@ -74,7 +72,6 @@ class Backends::TerraformAwsControllerTest < ActionDispatch::IntegrationTest
 aws_access_key_id: 'old-test-access-key-id',
 aws_secret_access_key: 'old-test-secret-access-key',
 route_53_zone_id: 'old-test-route-53-zone-id',
- efs_file_system_id: 'test-efs-file-system-id',
 vpc_id: 'test-vpc-id'
 )
@@ -90,7 +87,6 @@ class Backends::TerraformAwsControllerTest < ActionDispatch::IntegrationTest
 aws_access_key_id: 'old-test-access-key-id',
 aws_secret_access_key: 'old-test-secret-access-key',
 route_53_zone_id: 'old-test-route-53-zone-id',
- efs_file_system_id: 'test-efs-file-system-id',
 vpc_id: 'test-vpc-id'
 )
|